On Saturday 08 March 2003 7:52 pm, Dale Amon wrote:
>Now *please* get back to debian security.
Concur...wholeheartedly!
Jeff Elkins
http://www.elkins.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Sun, Mar 09, 2003 at 02:30:11AM +0100, Thomas Ritter wrote:
> On Sunday, 9 March 2003 01:52, Dale Amon wrote:
> > http://www.samizdata.com/blog
Oops. http://www.samizdata.net/blog
--
--
IN MY NAME:Dale Amon, CEO/MD
Christian Jaeger <[EMAIL PROTECTED]> writes:
> At 23:29 +0100 08.03.2003, Olaf Dietsche wrote:
>>Christian Jaeger <[EMAIL PROTECTED]> writes:
>>
>> > I began working with (unix/)linux.) And as written in my other reply
>> > I'm still missing a better alternative to
>> > /root/bin. "/local-
On Sat, Mar 08, 2003 at 06:18:13PM -0600, David Ehle wrote:
>
> Ok I've resisted this thread for quite a while because it's so off topic...
> but since nobody is complaining... I'm going to post a fascinating letter
> from inside the FBI I ran across recently. I haven't done much work
> checking auth
ing me to express these thoughts. They are
personal in nature and should not be construed as representing the view of
any FBI unit or other agents.
Yours truly,
Coleen Rowley
On Sun, 9 Mar 2003, Andreas Kotes wrote:
> Hi!
>
> this is off topic, but in case you've been wondering, too
At 23:29 +0100 08.03.2003, Olaf Dietsche wrote:
Christian Jaeger <[EMAIL PROTECTED]> writes:
> I began working with (unix/)linux.) And as written in my other reply
> I'm still missing a better alternative to
> /root/bin. "/local-admin's-software/bin" maybe? AFAIK, the FHS does
> not provi
Hi!
this is off topic, but in case you've been wondering, too:
* Joost Beintema <[EMAIL PROTECTED]> [20030308 04:47]:
> > Your comment seems to lay blame for 9/11 on the intelligence community.
> > It's fair to say that they had major flaws at that time (and pos
Christian Jaeger <[EMAIL PROTECTED]> writes:
> I began working with (unix/)linux.) And as written in my other reply
> I'm still missing a better alternative to
> /root/bin. "/local-admin's-software/bin" maybe? AFAIK, the FHS does
> not provide any.
Maybe /usr/local/sbin is, what you're looking f
On Sat, Mar 08, 2003 at 08:16:38PM +0100, Thomas Sjögren wrote:
> > root is not the regular user. Users need o+x on their home dirs for
> > Apache to be able to serve pages.
>
> No they don't.
> You shouldn't place user websites in their home dirs. Place the user
> "webspace" in e.g /var/www/[use
On Sat, Mar 08, 2003 at 08:07:51PM +0100, Christian Jaeger wrote:
> Isn't it the same as for any user account? If that user (who maybe
> shares his account with other people) wants his home dir private, he
> can do so. Or create a subdir which is private(*). I just see no
Typical user accounts
[EMAIL PROTECTED] wrote:
> how about offering it as an installation option?
> * /root/ permission
> some say 755 because ...
> others
> 700 because ...
> please select [700 | 750 | 755]
>
> or whatever options seem sensible...
Because it's unnecessary. Installation is already too cluttered with
Hi list,
> Birzan George Cristian wrote:
>
> > First of all, I'd like to say that, yes, I know this was discussed
> > before, but no consensus was reached and the thread died. (Or at least,
> > the one I found by doing a quick Google search)
>
> No consensus was reached because none was possible
On 8 Mar 2003 at 17:40, Christian Jaeger wrote:
> At 13:02 +0200 08.03.2003, Birzan George Cristian wrote:
> - You should also be aware that a 0700 directory does not protect you
> if you are moving another directory from outside to inside, since
> users who have already chdir'd into it remain
On Sat, Mar 08, 2003 at 10:58:10AM -0800, Ted Parvu wrote:
> Why would you want this changed but be ok with, unless I changed mine
> somewhere and forgot, a default root umask of 0022 ?
Because I haven't, yet, seen a box that came, by default, with a
different umask. Again, for me it's about the p
On Sat, 8 Mar 2003, Birzan George Cristian wrote:
> > It should be locked down and not touched by adduser ("Would You Like To
> > Make All Homedirs World-Readable?").
> root is not the regular user. Users need o+x on their home dirs for
> Apache to be able to serve pages.
No they don't.
You shoul
At 20:23 +0100 08.03.2003, Stefan Neufeind wrote:
On 8 Mar 2003 at 17:40, Christian Jaeger wrote:
At 13:02 +0200 08.03.2003, Birzan George Cristian wrote:
- You should also be aware that a 0700 directory does not protect you
if you are moving another directory from outside to inside, si
On Sat, Mar 08, 2003 at 07:19:44PM +0100, Christian Jaeger wrote:
> Call me paranoid:)
Yes, but if you're so paranoid, why not add another layer of protection,
by making /root/ 700?
> I meant, if /root is world-readable, then you can still make a
> subdirectory which is not (i.e. I have a /root
On Sat, Mar 08, 2003 at 06:09:08PM +0200, Birzan George Cristian wrote:
>
> The fact that it shouldn't be used for storing any dangerous information
> doesn't mean it's not being used for that. What I am asking, in case my
> original mail wasn't clear enough, is why _shouldn't_ it be 750 or 700
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday 08 March 2003 04:11, Pav wrote:
Let me have a moment of silence for your excellent reply.
Thank you, it gives me some hope again.
Jord
- --
Technical Consultant ECM
mailto: [EMAIL PROTECTED]
Key Fingerprint: 1856 A04C FB51 9D2D 09B2
On Sat, Mar 08, 2003 at 07:12:13PM +0200, Birzan George Cristian wrote:
> I've talked with several other friends, and most of them (5 to 1),
> agreed that /root/ shouldn't be 755, but something more restrictive.
I'm in agreement as well. I use /root as a common
communication area among admin staff
On Sat, Mar 08, 2003 at 05:40:31PM +0100, Christian Jaeger wrote:
> - You should also be aware that a 0700 directory does not protect you
> if you are moving another directory from outside to inside, since
> users who have already chdir'd into it remain inside it.
Yes, but how often does that ha
On Sat, Mar 08, 2003 at 08:05:26AM -0800, Craig Dickson wrote:
> But in the course of doing things that you have to do as root, when do
> you need to create files in /root? Almost never. If you find that you
> are using /root frequently, then I would guess that you are doing things
> as root that n
At 17:47 + 08.03.2003, Dale Amon wrote:
When you have multiple people, working over long
periods of time (years), with varying stress
conditions, there will at some point be mistakes
made. That's why defense in depth is so important.
The more layers of protection you can place the
more like
Birzan George Cristian wrote:
> The fact that it shouldn't be used for storing any dangerous information
> doesn't mean it's not being used for that.
If it shouldn't be used so, but it is being used so on a particular
machine, then that machine's admin is at fault.
> What I am asking, in case my
At 19:23 +0200 08.03.2003, Birzan George Cristian wrote:
On Sat, Mar 08, 2003 at 05:40:31PM +0100, Christian Jaeger wrote:
- You should also be aware that a 0700 directory does not protect you
if you are moving another directory from outside to inside, since
users who have already chdir'd in
Birzan George Cristian wrote:
> First of all, I'd like to say that, yes, I know this was discussed
> before, but no consensus was reached and the thread died. (Or at least,
> the one I found by doing a quick Google search)
No consensus was reached because none was possible.
> Back to the issue a
Please configure your mail client to a) wrap at 80 columns and b) set
In-Reply-To:
On Sat, Mar 08, 2003 at 04:13:43PM +0100, I.R. van Dongen wrote:
>
> Personally, I don't believe /root should be used for any information that
> is 'dangerous' I personally use it sometimes for temp storage for .de
Sigh. I specifically said use the original CC: and reply to the list, not
reply to the list and CC:.
On Sat, Mar 08, 2003 at 07:37:53AM -0500, bda wrote:
> On Sat, Mar 08, 2003 at 01:02:13PM +0200, Birzan George Cristian wrote:
> > Back to the issue at hand, the default permissions on /root/, whic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
subscribe
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+agytmCMDkFhFYMcRAu/rAJ0WB3HhiLR9g6d6NdAG4cjQJ/c8zwCeMMtu
syVIs5rKrSBtaoLB0k8PQUA=
=hcxo
-END PGP SIGNATURE-
Personally, I don't believe /root should be used for any information that is
'dangerous'. I personally use it sometimes for temp storage for .debs and such,
before I move them to /usr/src.
Therefore I don't really care what the default permissions are for /root.
the files that need to be there (
At 13:02 +0200 08.03.2003, Birzan George Cristian wrote:
the moment, are 755. IMHO, this is a possible security problem
- Why is this a "possible security problem"? It looks like you are
not aware that you should always and anyways (regardless of whether
you're root at the moment or not) take
On Sat, Mar 08, 2003 at 01:44:24PM +, Dale Amon wrote:
> On Sat, Mar 08, 2003 at 07:37:53AM -0500, bda wrote:
> > It should be locked down and not touched by adduser ("Would You Like To
> > Make All Homedirs World-Readable?").
>
> Actually I'd rather not, but there are (or at least
> were, I'v
On Sat, Mar 08, 2003 at 07:37:53AM -0500, bda wrote:
> It should be locked down and not touched by adduser ("Would You Like To
> Make All Homedirs World-Readable?").
Actually I'd rather not, but there are (or at least
were, I've not checked in a long while) problems
with apache access to /home/use
On Sat, Mar 08, 2003 at 01:02:13PM +0200, Birzan George Cristian wrote:
> Back to the issue at hand, the default permissions on /root/, which, at
> the moment, are 755. IMHO, this is a possible security problem and it
> should be set to, at least, 750 (thus allowing users in the wheel group
There
Hello,
First of all, I'd like to say that, yes, I know this was discussed
before, but no consensus was reached and the thread died. (Or at least,
the one I found by doing a quick Google search)
Back to the issue at hand, the default permissions on /root/, which, at
the moment, are 755. IMHO, this
71 matches