Re: SECURITY PROBLEM: autofs [all versions]

ng a little overboard here... ;) Heck no, wire the MGs to CTRL+ALT+Delete, and to the reset button. The level of security gained far outweighs the tiny number of casualties from Linux actually hanging and needing a reboot :) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] ,

Re: Speaking of broadcasts, is this a security threat?

Packet log: input DENY eth0 PROTO=17 > > > > -This was a TCP packet > > Wrong, it was UDP. RFC 1700 can help here. or /etc/protocols. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PRO

Re: SecurityPortal Review of Potato

want to cook up some hack (not crack) and use it for something, but I don't want to have it running all the time. I can remove the symlinks from /etc/rc2.d, but when the package is upgraded, the upgrade script runs the start script after the upgrade, even if the daemons weren't running be

Re: possible security flaw in screen 3.9.5-9

f the disk reserved, so you could fill it to that point (or as far as your quota allowed) and wait for normal log activity to fill the rest of the disk. > -- > Ethan Benson > http://www.alaska.net/~erbenson/ -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) &q

Re: ICMP Source routed packets

rotocol on the level of UDP or TCP. It is sent inside IP. Thus, a source routed ICMP packet _is_ a source routed IP packet. Obviously, the answer to your question is that it will apply. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man w

Re: GNOME'e nterm service: use lsof to find what PID

les (sockets in this case) that have a port number of 1026. It also tells you what PID and command own the file. This is what you really want to know. Let us know what program is actually listening here. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods co

Re: GNOME'e nterm service: use lsof to find what PID

On Sat, Oct 21, 2000 at 03:09:20AM -0300, Peter Cordes wrote: > On Thu, Oct 19, 2000 at 05:32:47PM +, Jim Breton wrote: > > On Thu, Oct 19, 2000 at 11:55:55AM +0100, Sergio Brandano wrote: > > > -- Description of Bug > > > GNOME-SESSION makes available the "nt

Re: Postfix is spammer-friendly by default on potato and woody

s for holes.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus

Re: I want to try something for freedom.

It is supposedly documented in an RFC about NMB. Microsoft doesn't adhere to that standard, so the challenge is that the protocol is really convoluted and hard to deal with, not that there are any legal obstacles. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

Re: restricted bash (rbash)

, and just want to protect them from themselves, more or less, restricted shell is the way to go. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up

Re: task-unstable-security-updates?

#x27;t any security critical things (except for local-user stuff, which I don't bust my butt about since the only people who have accounts are my family, and they have physical access anyway. (err, also there's the fact that I trust them:) ) Happy hacking. -- #define X(x,y) x##y Pe

Re: [SECURITY] New version of ghostscript released

I notice that this list includes dpkg! Somebody should have a look... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and

Temp file attack auditing

On Thu, Nov 23, 2000 at 05:50:06PM -0500, Daniel Burrows wrote: > On Thu, Nov 23, 2000 at 06:35:54PM -0400, Peter Cordes <[EMAIL PROTECTED]> was >heard to say: > > > ghostscript uses temporary files to do some of its work. Unfortunately > > > the method used to cr

Re: [OT?] Replacing hacked binaries

on ls are to make it not do anything more than verify existence. (it uses lstat). I use \ls so bash doesn't alias expand it. (I think my system was trying to tell me something, since one of the missing files is /sbin/hdparm itself :) Happy hacking, -- #define X(x,y) x##y Peter Cordes ; e-m

Re: System log monitor

x27;s a good idea. It wouldn't eliminate the work, but would make lessen it. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, t

Re: System log monitor

t log message formats, which is probably a good thing. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so

Re: Debian audititing tool?

n in October 1995. MD5 isn't looking as secure as it used to. I think a signed database of stuff that's supposed to be in Debian, and a decent way to make a bootable CD that downloads what it needs, and checks what's on your drive, is a good start. If the MD5 sum lists are sign

Re: Debian audititing tool?

's why you run the checker from a known-good floppy or CD. The bogus kernel can't protect itself if it isn't running :) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours!

Re: Debian audititing tool?

On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote: > On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote: > > > > That's why you run the checker from a known-good floppy or CD. The bogus > > kernel can't protect itself if it isn't runn

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

ngs won't help. (Debian's package scripts usually leave the /boot symlinks broken when I remove a kernel package, even if it was totally obsolete and the links weren't pointing to any files from that package...) Your best bet is to look at the symlinks yourself, and get them pointing to

[OT: humour] Re: Securing Apache: vserver or chroot ?

ion3121/billgates.html. There are a lot of other funny pages that I found with http://www.google.com/search?q=bill+gates+character+sheet, like http://www.lanceandeskimo.com/brothers/bill.shtml) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the

Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse

ades, removals, and reinstalls of the xaos package. (--update tells statoverride to effect the change itself.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in

Re: XFree86 4.2 bug in Debian Testing

you, then whatever, do what's easiest for you, but if you're going to go to the trouble of learning how to jump through a hoop to get X working, pick the right hoop!) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first fou

Re: spam

le block charsets that that are only used by languages they don't understand? Your message is US/ASCII... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in th

Re: Fwd: Apache Security Vulnerabilities on IRIX

to claim you do a good job is bad. (don't forget to multiply by the ratio of work needed to use apt (really easy :)/work needed to use windows update (half the time you need to reboot)) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the m

Re: unsubscribe

> *Subject: unsubscribe > AND { > * ^X-Mailing-List: > OR > * ^X-Mailing-List: > } > > > Anyone...? How about: :0: * ^Subject: (un)?subscribe$ unsub-idiots -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the ma

Re: Odd iptstate entry

entry (especially with that TTL, which > is slowly counting down, unlike the two outgoing ones) from an ssh > session I had over the weekend, but I logged out cleanly (I thought). I > have heard of rootkits that hide their tracks from ps and such, but over > ssh? Probably someone

Re: X Security Issues? [SOLVED]

7;s sub-optimal, but hard to fix without changing the expected behaviour of some programs. (Either making xinit look for xserverrc, or making X symlink point to a script instead of the server (actually, to Xwrapper, I think).) simple answer: just use startx or *DM unless you want to customize your

Re: DHCP - rootkit

be secure. i.e. Nobody can modify a binary so that it has different contents but the same MD5 hash, unless they are _very_ _very_ lucky. The task becomes even more difficult if you check the length of the file as well as the hash. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED

Re: I'm searching for a network wide system update tool

forms the packages update procedure. > > Anyone has allready written a script like the one described above or > maybe knows an allready existing application which could perform this > task? Thanks. Here's a bash script I wrote that starts a given command on all workstations at school (on

Re: Question about snort binaries..

stable, you could build them from source too. Sometimes that's more trouble than it's worth just to try out a package! -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: raw disk access

k sizes results in fewer system calls, and probably lower CPU overhead, though. I usually use dd bs=1024k.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: Sarge freeze and security updates

known security holes move into testing is obviously bad under all circumstances, right? -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a su

Re: Sarge freeze and security updates

On Mon, Feb 24, 2003 at 11:11:43AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote: > On Mon, 2003-02-24 at 11:06, Peter Cordes wrote: > > On Mon, Feb 24, 2003 at 10:13:57AM +0100, Adrian 'Dagurashibanipal' von > > Bidder wrote: > > > Now, foo 1.4-

Re: [work] Integrity of Debian packages

ssible, it's a Good Thing, and it's not prohibitively difficult (at least not for a reasonable level of security). I really hope sarge will do by default. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out

Re: Way off topic: Hijacked airplanes and the no-good US govt

p3s: http://www.fair.org/counterspin/mp3.html. I guess I'd better stop now, because debian-security isn't really about this kind of security. Sorry to fill up your mailboxes with this stuff, but it's important. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: [work] Integrity of Debian packages

ecause I know that wouldn't actually prevent a police state.) The thing you have to remember is that some of the things put into place will hit some people more than others. You might not want to visit relatives in Afghanistan, but some people do. Giving up their freedom for your safet

Re: Review: sect. 4.16.2 of the Securing Debian manual

to disable loadable modules for that to be bulletproof. (unless the commonly used rootkits already do this, it would slow down an attacker and cause them to make more noise.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first

Re: [SECURITY] [DSA 265-1] -- BAD SIGNATURE !?

un, then that is much more serious. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: Fwd: Syscall implementation could lead to whether or not a file exists

ed. The typo rendered this sentence meaningless, but I'm feeling charitable today :) > Thanks, > Andrew Griffiths > -- > Attention: Public floggings will continue until morale improves. > > MidWay_/#melb-wireless licks txrxafk while his defenses are down. > Oh boy. That cou

Re: Could sudo be an security issue?

sing logcheck (or similar), right? > In short: I also think you're using sudo correctly, but you need to be aware > that all of the admin accounts are probably root equivalent, even without > sudo. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "T

Re: Keeping files away from users

it to get the key is the same amount of work as finding out what it's XORed with, unless they figure it out from known-plaintext (the GZIP header). Make sure your pattern's not too short, so they have to disassemble the kernel or ask you for the source. If you know who's asking for

Re: Keeping files away from users

s "illegal" to watch it on a GNU system... You don't want to make your clients feel like you think they're criminals, or your adversaries. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to disting

Re: 1/2 Price Omaha Steaks Plus 3 FREE Gifts!

was a message advertising something Linux-related, sent by someone reputable (don't remember who, or what they were advertising, since I wasn't in the market for it at the time). The message explained that the fee had been payed ahead of time. I'm not sure if Debian's ever mana

Re: [SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow

ide > an archive file can overflow a buffer when the archive is being read > by mikmod. > > For the stable distribution (woody) this problem has been fixed in > version 3.1.6-4woody3. Is libmikmod2 affected by this? xmms uses it. -- #define X(x,y) x##y Peter Cordes ; e-mail: X(

Re: Strongest linux

ed for the "best". IMHO best means good security for the amount of effort it takes to set up, plus stable, reliable, well documented, etc. Some of the other options probably meet those criteria, but I wouldn't know, not having looked at them. All I can do is say that I'm happy

Re: Strongest linux - kernel patches

7;t belong on deb-sec. Further discussion about politics, rather than specifically about selinux, should probably happen on a newgroup like alt.impeach.bush, for example. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found o

Re: Strongest linux - kernel patches

ep on trying to merge the two patches > together. Luckily, that's a solved problem. Con Kolivas's -ck3 patch for 2.4.21 includes grsecurity and XFS. (I didn't mention it before because I didn't realize it was significant. (I'm not using ACLs).) Con's webpage is http://me

Re: Strongest linux - kernel patches

0.0 0.0 00 ?RW Jul02 0:08 [kswapd] (I don't use my machine constantly, so it probably doesn't swap as much as a desktop used all day.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to di

Re: configure ssh-access

.222.*. (It listens on ipv6, so v4 connections are seen as coming from v4-mapped addresses.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: configure ssh-access

the real world, to back up the extreme paranoia in the virtual world. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: configure ssh-access

(I'm replying to the list, hope you don't mind.) On Thu, Jul 10, 2003 at 01:52:13PM +0200, Christian Kurz wrote: > On [09/07/03 16:12], Peter Cordes wrote: > > On Mon, Jul 07, 2003 at 07:38:17PM +0200, Fran?ois TOURDE wrote: > > > Le 12240i?me jour apr?s Epoch, &

Re: execute permissions in /tmp

http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html http://developers.slashdot.org/article.pl?sid=02/10/19/1233250 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to distinguish the hours! Confound h

Re: execute permissions in /tmp

hich entails some complications that a noexec /tmp wouldn't) for clues: http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html Happy hacking, -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out

Re: execute permissions in /tmp

On Sun, Jul 13, 2003 at 01:33:52AM -0400, Noah L. Meyerhans wrote: > On Sat, Jul 12, 2003 at 11:43:02PM -0300, Peter Cordes wrote: > > This is at least the third time this has come up that I remember. > > However, > > absolute statements like *can not* get me thinking:

Re: execute permissions in /tmp

mount flag, or integrating with TPE would make it easier to get started with. Otherwise, you'd have to make sure all libraries on the system were chmod +x, and check every new software package you installed.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) &

Re: execute permissions in /tmp

ce files that don't contain machine code wouldn't need to be mapped with PROT_EXEC. In fact, I straced perl, and it uses read(2) instead of mmap(2) to load the code. Unless grsec is really clever, perl programs would still work, by running /usr/bin/perl /tmp/foo.pl, as long as you can re

Re: How to reduce sid security

If you really don't care about security, you can just install rlogin. I always use ssh even on my trusted LAN at home (except for big file transfers) because one tool for everything is easier. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound

Re: Accounts for client programs

t (i.e. noticeably) to statically link in enough X library stuff to send keystrokes to other windows, etc.) Still, that's not the sort of thing a virus would usually do. It's more along the lines of what someone attacking you, personally, might try. (esp. after reading your message... :] --

Re: Debian Stable server hacked

the IP address for those did not receive id connections inside your site, or does it belong to an ISP somewhere, or what? If it's a local address, and not a computer lab, that might give you some clues about whose door to knock on... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL

Re: How to reduce sid security

made, so it didn't even get to the point of trying to authenticate with xauth. BTW, ssh -X sets up xauth correctly. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, t

Re: Debian + Verisign's .com/.net hijack

com kjlasjlasdf.com A 64.94.110.11 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day

Re: bugs #212357 and #212358: could we have a 'deprecated' priority?

indicate the quality of the package, like not-working, alpha, beta, or stable. Err, I'm probably not the first person to have said the above, probably just the first to clutter up deb-sec with it, so I suppose I should really go search the deb-devel archives to see if anyone has any plans ab

Re: services installed and running "out of the box"

t; init.d/dhttpd file name. > > What is so difficult? No web server is installed by default. If you don't > want one, don't install one. Dependencies. I've had the same annoying experience as Dale. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)

Re: The same debian - different packages

http://security.debian.org woody/updates/main Packages > 1:3.4p1-1 0 > 500 http://http.us.debian.org woody/main Packages > > We can see the differences. But how to change it ? Try apt-get install ssh/stable. That should force a downgrade to the stable version. --

Re: Verisign again...

.hrz.uni-bielefeld.de A 129.70.4.66 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly in

Re: The same debian - different packages

g like this? (I never use dselect) Is that what dpkg --forget-old-unavail is for? Maybe --clear-avail? -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this p

Re: How efficient is mounting /usr ro?

dmins do. If a particular system would really benefit from it, the admin probably just needs to see the idea mentioned, not see a big list of effects on systems in general. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found ou

Re: passwd character limitations

ked ttys. (Maybe you could stty raw < /dev/pts/x, from another session, type your password, and then stty cooked < /dev/pts/x.) > but there shouldn't be any limits on the input to the hash > function whose output is stored in the shadow file.[0] -- #define X(x,y) x##y Peter Cor

Re: Q. Should one mirror debian.security.org? Good or Bad Idea?

Anyway, it seems to work, and packages only get downloaded once. I know that apt does enough locking that NFS sharing /var/cache/apt is safe. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours

Re: What will be old configurations if new kernel installed

.old, if any. There won't be one if you only have one kernel-image package installed (and you haven't manually changed the symlinks). lilo skips entries that are marked as optional when the kernel file isn't there. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTE

Re: 2.6.1 CryptoAPI woes

vice. However, if the underlying filesystem preserves data ordering, it can satisfy the requirements of the journaling filesystem that's on top of it. I'm not sure if you need data=journal on the underlying filesystem for data=journal on the loopback filesystem to make sense, but I don

Re: 2.6.1 CryptoAPI woes

on. (ext3 is fine, but you need to patch reiserfs for ordered data.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and

Re: Crypto-Swap questions

ou wouldn't have to worry about crap like that. :) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so

Re: Web based password changer

at's correct, you can't just use chpasswd. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day

Re: Probem with openssh and pam modules

an go into testing, and later become stable. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretched

Re: harden-clients idea

revent people from blithely using telnet without having any idea that it's bad. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial,

Re: DHCP - rootkit

be secure. i.e. Nobody can modify a binary so that it has different contents but the same MD5 hash, unless they are _very_ _very_ lucky. The task becomes even more difficult if you check the length of the file as well as the hash. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED

Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse

ades, removals, and reinstalls of the xaos package. (--update tells statoverride to effect the change itself.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in

Re: XFree86 4.2 bug in Debian Testing

you, then whatever, do what's easiest for you, but if you're going to go to the trouble of learning how to jump through a hoop to get X working, pick the right hoop!) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first fou

Re: spam

le block charsets that that are only used by languages they don't understand? Your message is US/ASCII... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in th

Re: Fwd: Apache Security Vulnerabilities on IRIX

to claim you do a good job is bad. (don't forget to multiply by the ratio of work needed to use apt (really easy :)/work needed to use windows update (half the time you need to reboot)) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the m

Re: unsubscribe

> *Subject: unsubscribe > AND { > * ^X-Mailing-List: <[EMAIL PROTECTED]> > OR > * ^X-Mailing-List: <[EMAIL PROTECTED]> > } > > > Anyone...? How about: :0: * ^Subject: (un)?subscribe$ unsub-idiots -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMA

Re: Odd iptstate entry

entry (especially with that TTL, which > is slowly counting down, unlike the two outgoing ones) from an ssh > session I had over the weekend, but I logged out cleanly (I thought). I > have heard of rootkits that hide their tracks from ps and such, but over > ssh? Probably someone scanne

Re: X Security Issues? [SOLVED]

7;s sub-optimal, but hard to fix without changing the expected behaviour of some programs. (Either making xinit look for xserverrc, or making X symlink point to a script instead of the server (actually, to Xwrapper, I think).) simple answer: just use startx or *DM unless you want to customize your

Re: I'm searching for a network wide system update tool

forms the packages update procedure. > > Anyone has allready written a script like the one described above or > maybe knows an allready existing application which could perform this > task? Thanks. Here's a bash script I wrote that starts a given command on all workstations at school (on

Re: Question about snort binaries..

stable, you could build them from source too. Sometimes that's more trouble than it's worth just to try out a package! -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confou

Re: raw disk access

k sizes results in fewer system calls, and probably lower CPU overhead, though. I usually use dd bs=1024k.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in thi

Re: Sarge freeze and security updates

known security holes move into testing is obviously bad under all circumstances, right? -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundia

Re: Sarge freeze and security updates

On Mon, Feb 24, 2003 at 11:11:43AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote: > On Mon, 2003-02-24 at 11:06, Peter Cordes wrote: > > On Mon, Feb 24, 2003 at 10:13:57AM +0100, Adrian 'Dagurashibanipal' von Bidder > > wrote: > > > Now, foo 1.4-

Re: [work] Integrity of Debian packages

ssible, it's a Good Thing, and it's not prohibitively difficult (at least not for a reasonable level of security). I really hope sarge will do by default. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out

Re: Way off topic: Hijacked airplanes and the no-good US govt

p3s: http://www.fair.org/counterspin/mp3.html. I guess I'd better stop now, because debian-security isn't really about this kind of security. Sorry to fill up your mailboxes with this stuff, but it's important. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] ,

Re: [work] Integrity of Debian packages

ecause I know that wouldn't actually prevent a police state.) The thing you have to remember is that some of the things put into place will hit some people more than others. You might not want to visit relatives in Afghanistan, but some people do. Giving up their freedom for your safet

Re: Review: sect. 4.16.2 of the Securing Debian manual

to disable loadable modules for that to be bulletproof. (unless the commonly used rootkits already do this, it would slow down an attacker and cause them to make more noise.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first

Re: [SECURITY] [DSA 265-1] -- BAD SIGNATURE !?

un, then that is much more serious. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into sma

Re: Keeping files away from users

get the key is the same amount of work as finding out what it's XORed with, unless they figure it out from known-plaintext (the GZIP header). Make sure your pattern's not too short, so they have to disassemble the kernel or ask you for the source. If you know who's asking for the

Re: Keeping files away from users

s "illegal" to watch it on a GNU system... You don't want to make your clients feel like you think they're criminals, or your adversaries. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca) "The gods confound the man who first found out how to disting

Re: 1/2 Price Omaha Steaks Plus 3 FREE Gifts!

was a message advertising something Linux-related, sent by someone reputable (don't remember who, or what they were advertising, since I wasn't in the market for it at the time). The message explained that the fee had been payed ahead of time. I'm not sure if Debian's ever mana

Re: [SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow

ide > an archive file can overflow a buffer when the archive is being read > by mikmod. > > For the stable distribution (woody) this problem has been fixed in > version 3.1.6-4woody3. Is libmikmod2 affected by this? xmms uses it. -- #define X(x,y) x##y Peter Cordes ; e-mail: X(

Re: Accounts for client programs

t (i.e. noticeably) to statically link in enough X library stuff to send keystrokes to other windows, etc.) Still, that's not the sort of thing a virus would usually do. It's more along the lines of what someone attacking you, personally, might try. (esp. after reading your message... :] --

  1   2   3   4   5   >