can I circumvent this problem?
apt-get install equivs
--
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution."
is your baby now, you wanna close that old
bug out? Ben never did and its pretty much moot now as that bad
package never made it into primetime.
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
> Can someone clarify for me, please (not directly debian related, I know,
> but...) - the patches appear to only be to the chunk-encoding functions
> in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?
its not just mod_proxy, apache was vulnerable regardless
--
Christian Hammers wrote:
> On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
> > its not just mod_proxy, apache was vulnerable regardless
> BTW: in the case that mod_proxy is not loaded: is it enough to just
> backport the get_chunk_size function from http_protocol
d
> hosts.allow ... ?
Obscuring your libwrap/tcpd configuration from your local users, at
the expense of allowing services to run as seperate, non-privileged
users is a bad idea. Privilege seperation provides a very tangible
benefit, obfuscated config files do not.
--
Jamie Heilman
fundamental
vulnerability to compromise at all (by which I mean if the services
you run and the configurations you run them with actually have
exploitable bugs in them or not), but hey, at least your users won't be
able to read those files. And thats, um, something.
--
Jamie Heilman
is increased infrastructure.
--
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution."
-Sathington Willoughby
stem isn't that broken, stop trying
to fix it. There is no legitimate reason to jump through all these
hoops just to hide your tcp wrappers configuration from your local
users. If the requirements for your host dictate minimal access
rights use an access control system thats been designed t
Joe Moore wrote:
> Jamie Heilman wrote:
> > Joe Moore wrote:
> >> As to your later message:
> >> setgroups() and initgroups() are not necessary. Already UID telnetd
> >> is able to write to /var/run/utmp because of its membership in GID
> >> utmp.
&g
robably, to the lack
of cohesion behind the various movements. But as I mentioned before,
you'll probably want to examine subdomain from Wirex, SELinux, maybe
LIDS, RSBAC, and doubtless there are others, but I'd start with those.
--
Jamie Heilman http://audible.tr
> [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
> erroneous characters after protocol string: CONNECT
> mailb.microsoft.com:25 / HTTP/1.0
open proxy probe, standard Internet crapola,
http://www.monkeys.com/security/proxies/
Jamie Heilman wrote:
> > [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
> > erroneous characters after protocol string: CONNECT
> > mailb.microsoft.com:25 / HTTP/1.0
>
> open proxy probe, standard Internet crapola,
> http://www.monkeys.com/se
101 - 112 of 112 matches
Mail list logo
