Gerfried Fuchs writes:
>* William R. Ward <[EMAIL PROTECTED]> [2001-12-04 11:56]:
>> Because the thread originated there.
>
> I haven't seen it before here. Do you really mean
><[EMAIL PROTECTED]> and not ?
>Those are two totally different things Maybe
Gerfried Fuchs writes:
>* William R. Ward <[EMAIL PROTECTED]> [2001-12-04 11:56]:
>> Because the thread originated there.
>
> I haven't seen it before here. Do you really mean
><[EMAIL PROTECTED]> and not <[EMAIL PROTECTED]>?
>Those are two totally di
Gerfried Fuchs writes:
>* William R Ward <[EMAIL PROTECTED]> [2001-12-03 00:50]:
>> Right; but assuming one takes care of this kind of issue, is there
>> anything inherently unsafe about running shell scripts through sudo?
>
> shell scripts usually call other program
martin f krafft <[EMAIL PROTECTED]> writes:
> * William R. Ward <[EMAIL PROTECTED]> [2001.11.29 18:00:40-0800]:
> > Question: Is it generally considered secure enough to sudo a bash
> > script like your sucpaliases? Or should a C equivalent be written
> > ins
Gerfried Fuchs writes:
>* William R Ward <[EMAIL PROTECTED]> [2001-12-03 00:50]:
>> Right; but assuming one takes care of this kind of issue, is there
>> anything inherently unsafe about running shell scripts through sudo?
>
> shell scripts usually call other program
martin f krafft <[EMAIL PROTECTED]> writes:
> * William R. Ward <[EMAIL PROTECTED]> [2001.11.29 18:00:40-0800]:
> > Question: Is it generally considered secure enough to sudo a bash
> > script like your sucpaliases? Or should a C equivalent be written
> > ins
>-- in either case... you have to trust your users that run the
> scripts/apps to replace /etc/aliases w/o giving um root access
Of course, the idea is to give certain permissions to certain users
without giving away the farm. That's what sudo's all about.
--Bill.
--
>-- in either case... you have to trust your users that run the
> scripts/apps to replace /etc/aliases w/o giving um root access
Of course, the idea is to give certain permissions to certain users
without giving away the farm. That's what sudo's all about.
--Bill.
--
onsidered secure enough to sudo a bash
script like your sucpaliases? Or should a C equivalent be written
instead?
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.wards.net/~bill/
-
If you&#x
William R Ward <[EMAIL PROTECTED]> writes:
> Is there any kind of wrapper that can be used to allow sudo to grant
> editing access to only one file? I am thinking of something similar
> to vipw or visudo, but with security in mind; following this basic
> algorithm:
>
>
onsidered secure enough to sudo a bash
script like your sucpaliases? Or should a C equivalent be written
instead?
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.wards.net/~bill/
-
I
leges, copy the temp file to the final location.
Does such a beast exist? If not, I think it should. It should
probably obey the /etc/alternatives preferences for editors, too.
--Bill.
--
William R Ward[EMAIL PROTECTED] http:/
William R Ward <[EMAIL PROTECTED]> writes:
> Is there any kind of wrapper that can be used to allow sudo to grant
> editing access to only one file? I am thinking of something similar
> to vipw or visudo, but with security in mind; following this basic
> algorithm:
>
>
leges, copy the temp file to the final location.
Does such a beast exist? If not, I think it should. It should
probably obey the /etc/alternatives preferences for editors, too.
--Bill.
--
William R Ward[EMAIL PROTECTED] http:/
s you could confirm it that way.
It's not perfect, but given the policies you have to live with, it may
be the only type of solution you can come up with.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.wards
s you could confirm it that way.
It's not perfect, but given the policies you have to live with, it may
be the only type of solution you can come up with.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.wards
" code suggests that they succeeded. Add something like this
to your httpd.conf to block these. (Delete the "allow" part if you
don't want proxying at all; if you do, change the IP addresses to
whatever is appropriate for your system.)
order deny,allow
deny fr
ot; code suggests that they succeeded. Add something like this
to your httpd.conf to block these. (Delete the "allow" part if you
don't want proxying at all; if you do, change the IP addresses to
whatever is appropriate for your system.)
order deny,allow
deny from
en :)
The trouble is, unstable packages tend to rely on a new version of
things like libc6 and other important shared libraries that I don't
want to upgrade because it would destabilize the whole system.
What I'd like to see is some kind of "snapshot" status where it was
linked agai
en :)
The trouble is, unstable packages tend to rely on a new version of
things like libc6 and other important shared libraries that I don't
want to upgrade because it would destabilize the whole system.
What I'd like to see is some kind of "snapshot" status where it was
linked agai
Olaf Meeuwissen writes:
>[EMAIL PROTECTED] (William R. Ward) writes:
>
>> One way to test if you have been hacked is to run an MD5 checksum of
>> key binaries and look to see if it's been replaced by the intruder.
>> Is there any place where the MD5 sums of individual
Olaf Meeuwissen writes:
>[EMAIL PROTECTED] (William R. Ward) writes:
>
>> One way to test if you have been hacked is to run an MD5 checksum of
>> key binaries and look to see if it's been replaced by the intruder.
>> Is there any place where the MD5 sums of individual
ained?
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx
ained?
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx
--
To UNSUBSCRIBE, email to [EMA
Mike Dresser writes:
>"William R. Ward" wrote:
>
>> I've replaced the legit usernames and IP's with "xxx" but left them in
>> for context. I'm worried that the "date" entries are a consequence of
>> some hacker activity, but
of Debian, with a
2.2.17 kernel.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx
Mike Dresser writes:
>"William R. Ward" wrote:
>
>> I've replaced the legit usernames and IP's with "xxx" but left them in
>> for context. I'm worried that the "date" entries are a consequence of
>> some hacker activity, but
of Debian, with a
2.2.17 kernel.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx
--
To
;s not really common, but it's not unusual for sites that have a lot
of mailing lists to run a news server in this way, and I'm sure some
of the software for it is already part of Debian.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
-
"Those are my principles. If you don't like them I have others."-Groucho Marx
mon, but it's not unusual for sites that have a lot
of mailing lists to run a news server in this way, and I'm sure some
of the software for it is already part of Debian.
--Bill.
--
William R Ward[EMAIL PROTECTED] http://www.bayview.com/~hermit/
--
nch, and as long as I
periodically ran dselect and [U]pdated and [I]nstalled the updates,
I'd be covered. Since this appears to not be the case, is there
something that can be done to make this fact more readily apparent to
users?
--Bill.
quot; branch, and as long as I
periodically ran dselect and [U]pdated and [I]nstalled the updates,
I'd be covered. Since this appears to not be the case, is there
something that can be done to make this fact more readily apparent to
users?
--Bill.
32 matches
Mail list logo
