Linux-Misc Digest #258, Volume #27 Thu, 1 Mar 01 02:13:02 EST
Contents:
Re: HOW TO make a user an administrator of a group or single user (Vincent Zweije)
Re: Abuse, step by step
upgrade xfree86 in redhat 6.2 ("Wong Ching Kuen Frederick")
Re: Mircosoft Tax (Brent Pathakis)
Re: bash: scp: command not found (but...) (Bob Hauck)
Re: Pipes (Dan Anderson)
Re: Newbie: Best information channels... (John Hasler)
Re: Linux partitioning question ("Cjv")
Re: Problem of iptables -- Can't load modules (Paul Kimoto)
Re: Regular Expression Syntax Limitation? ("John W. Krahn")
Re: Newbie: Best information channels... (Brent Pathakis)
suidperl - where the hell is it? (Ken Williams)
Re: Installing windows 2000 ("Jack Kaufmann")
Re: Newbie: Best information channels... ([EMAIL PROTECTED])
Re: wrong filerights (Benjamin Stocker)
Re: wrong filerights ("green")
Re: bash: scp: command not found (but...) (Scott Alfter)
----------------------------------------------------------------------------
From: Vincent Zweije <[EMAIL PROTECTED]>
Crossposted-To:
alt.os.linux,comp.os.linux,comp.os.linux.admin,comp.os.linux.networking,comp.os.linux.security
Subject: Re: HOW TO make a user an administrator of a group or single user
Date: 28 Feb 2001 13:04:42 +0100
* Followups to comp.os.linux.admin and comp.os.linux.security
In article <97fqru$iht$[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
|| In comp.os.linux.admin David E. Smith <[EMAIL PROTECTED]> wrote:
|| > In our last shocking episode of comp.os.linux.admin,
|| > [EMAIL PROTECTED] revealed a dark secret:
||
|| >> You don't have to write a suid program, just an ordinary program.
||
|| >> Then let sudo exec it (whenever it fills sudo's rules)
|| >> This way your mistakes in the additional program is less security
|| >> hazardeous.
||
|| > But then we're back to having to maintain a reasonably complex `sudoers'
|| > file, which I perceive as problematic, and potentially even more
|| > dangerous.
||
|| You are missing my point. Make the program that does the validation, but
|| don't do it setuid. Leave that to sudo.
||
|| Sudoers will only have rules for who is allowed to run the "program", the
|| inner complexity of the "program" is done there.
||
|| This way you will not be affected with buffer overflows etc in the
|| "program" since only selected users will be allowed to run it setuid.
This is not a correct statement; buffer overflows in non-suid programs
can be exploited.
Basically, you're relying on trust in the administrating users not to
try and crack the "program" and get root privileges through having it
executed by sudo. This will go a long way, but it still won't scale
well when you get too many administrating users.
A "reasonably complex sudoers file", as David Smith wrote, indicates that
the number of sodoers has grown to beyond what you can handle by trust.
When there are too many users to trust each one, you must account for
the fact that one of them might try to crack the "program" while being
executed with root rights through sudo. Therefore, you *must* worry
about buffer overflows and all that.
Apart from that, one of the users' accounts may have been compromised,
and key logging programs installed. It doesn't have to be the user
himself who does the dirty deed.
Ciao. Vincent.
--
Vincent Zweije <[EMAIL PROTECTED]> | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Abuse, step by step
Date: Thu, 01 Mar 2001 04:30:05 -0000
Sorry for my brief post.
Yes, Abuse is that shoot-em-up game. You can download it from
download.com. I cannot figure out how to run it, nor any other program
that comes in a tar.gz file. I cannot give you an exact error message
because I have NO clue what to do.
Thanks again,
James
--
Posted via CNET Help.com
http://www.help.com/
------------------------------
From: "Wong Ching Kuen Frederick" <[EMAIL PROTECTED]>
Subject: upgrade xfree86 in redhat 6.2
Date: Thu, 1 Mar 2001 12:37:59 +0800
i want to upgrade the xfree86 from 3.3.6 to 4.0.1 in my redhat 6.2 box.
however, i get a bunch of failed dependencies. can anyone give me some good
suggestion?!
[root@xyz RPMS]# rpm -Uvh XFree86-4.0.1-1.i386.rpm
XFree86-xfs-4.0.1-1.i386.rpm XFree86-libs-4.0.1-1.i386.rpm
initscripts-5.49-1.i386.rpm ncurses-devel-5.1-2.i386.rpm
ncurses-5.1-2.i386.rpm modutils-2.3.14-3.i386.rpm glibc-2.1.92-14.i686.rpm
error: failed dependencies:
rpm <= 4.0-0.65 conflicts with glibc-2.1.92-14
libncurses.so.4 is needed by info-4.0-5
libncurses.so.4 is needed by procps-2.0.6-5
libncurses.so.4 is needed by bc-1.05a-5
libncurses.so.4 is needed by ftp-0.16-3
libncurses.so.4 is needed by gdb-4.18-11
libncurses.so.4 is needed by git-4.3.19-2
libncurses.so.4 is needed by gpm-1.18.1-7
libncurses.so.4 is needed by ispell-3.1.20-25
libncurses.so.4 is needed by kdebase-1.1.2-33
libncurses.so.4 is needed by less-346-2
libncurses.so.4 is needed by linuxconf-1.17r2-6
libncurses.so.4 is needed by ncftp-3.0beta21-4
libncurses.so.4 is needed by pine-4.21-8
libncurses.so.4 is needed by python-1.5.2-13
libncurses.so.4 is needed by screen-3.9.5-4
libncurses.so.4 is needed by talk-0.16-4
libncurses.so.4 is needed by telnet-0.16-6
libncurses.so.4 is needed by util-linux-2.10f-7
xpm is needed by xpm-devel-3.4k-2
libdb.so.2 is needed by chkfontpath-1.7-2
libdb.so.2 is needed by gnome-libs-1.0.55-12
libdb.so.2 is needed by gnome-linuxconf-0.25-2
libdb.so.2 is needed by gpgp-0.4-2
libdb.so.2 is needed by kpackage-1.3.10-3
libdb.so.2 is needed by libglade-0.11-1
libdb.so.2 is needed by memprof-0.3.0-4
libdb.so.2 is needed by passwd-0.64.1-1
libdb.so.2 is needed by pygnome-1.0.51-1
libdb.so.2 is needed by python-1.5.2-13
libdb.so.2 is needed by rpm-build-3.0.4-0.48
libdb.so.2 is needed by rpm-python-3.0.4-0.48
libdb.so.2 is needed by wmconfig-0.9.8-1
libdb.so.2 is needed by rpm-3.0.5-9.6x
libdb.so.2(GLIBC_2.0) is needed by gnome-libs-1.0.55-12
libdb.so.2(GLIBC_2.0) is needed by python-1.5.2-13
libdb.so.2(GLIBC_2.0) is needed by rpm-3.0.5-9.6x
libdb.so.3 is needed by perl-5.00503-10
libdb.so.3 is needed by python-1.5.2-13
libdb.so.3 is needed by sendmail-8.9.3-20
libdb.so.3 is needed by pam-0.72-20
libdb.so.3(GLIBC_2.0) is needed by perl-5.00503-10
libdb.so.3(GLIBC_2.0) is needed by python-1.5.2-13
libdb.so.3(GLIBC_2.0) is needed by pam-0.72-20
libdb.so.3(GLIBC_2.1) is needed by perl-5.00503-10
libdb.so.3(GLIBC_2.1) is needed by sendmail-8.9.3-20
------------------------------
From: Brent Pathakis <[EMAIL PROTECTED]>
Subject: Re: Mircosoft Tax
Crossposted-To:
alt.destroy.microsoft,alt.linux.sux,alt.os.linux.mandrake,comp.os.linux.advocacy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 01 Mar 2001 04:38:18 GMT
Donovan Rebbechi wrote:
> On Thu, 01 Mar 2001 00:43:46 GMT, Bob Hauck wrote:
> >lOn 28 Feb 2001 03:19:11 GMT, Donovan Rebbechi <[EMAIL PROTECTED]> wrote:
> >>On Tue, 27 Feb 2001 19:12:09 GMT, Bob Hauck wrote:
> >> In other businesses, the market leader does not make their prices
> >> cheaper just because they can afford to.
> >
> >Right, they make them cheaper because there is competition. It is the
> >presence of competitors in the market that drives the price toward the
> >cost of production.
>
> But if they can use a price that is fairly competitive and still make
> a profit, why further reduce the price ? Microsoft's OEM licenses are
> already priced competitively.
>
> Linux box sets are in the same price ballpark. Considering that the
> software in the typical Linux distribution is free, the distributors
> would appear to have a big advantage over MS.
>
> >> They price their products in such a way that the prices are reasonably
> >> competitive (eg: $50- for an OEM license)
> >
> >Who, exactly, is Microsoft's competition for that OEM license? They do,
>
> Linux distributions, and other OS licenses go for around the same price.
>
> >in fact, have reasons to keep the price "reasonable", primarily to not
> >create incentives for competitors to get into the OS business. That
> >"reasonable" price might be considerably higher than it would be if
> >there were competitors.
>
> Baseless conjecture.
>
> >I'm not clear on why you think it is fair to compare the OEM price of
> >Windows with the retail price of a game. They are different products
> >that have different economics and are sold in different ways.
>
> I'm not. I'm pointing out that leaders in a market are not obliged to
> cut prices just because they're succesful. In a capitalist economy,
> succesful companies are supposed to make profit.
>
> >Do you happen to know what percentage of their revenue is from that?
> >How much do they charge for it?
>
> No, I don't. What I do know is that Id are vastly more succesful than
> other game software companies, which, by the argument put forth by the
> Linux zealots, obliges them to reduce their prices.
>
> > If you want to make a comparison
> >between id and MS, then I would think you'd want to compare the price of
> >this game engine to the OEM price of Windows,
>
> I don't want to do this. The correct comparison is between Id and a random
> game software company.
>
> > rather than comparing the
> >retail price of a game to the OEM price of Windows.
>
> I don't appear to have explained this very well.
>
> I am *not* comparing the price of a game with Windows.
>
> What I am doing is pointing out that game companies don't lower their
> prices just because they're doing well. And they're not obliged to
> do so.
>
> >I don't whine about the price of Windows, as I don't buy it. I do
> >observe that the retail price has been quite constant in spite of the
> >volume being much higher now than five or ten years ago. I can also
>
> My point is, so what ? The fact that they are succesful does not in any
> way oblige them to reduce their prices.
>
> >observe that Windows seems to be a higher percentage of the system cost
> >than it used to be.
>
> I think this is a very hard claim to support. It's certainly true if you
> compare todays budget system with yesterday's top of the line, but barring
> this sort of blatant intellectual dishonesty, it's not really true. Was
> Windows OEM really much less than $50- five years back ?
>
> > And I can observe that these don't seem to be quite
> >consistent with a competitive free market model, as the profit margins
> >MS makes imply that they are selling their product for far more than the
> >cost of production.
>
> This could mean a lot of things. It could mean, for example, that they are
> able to produce the same value at a lower cost of production. The fact
> that there are winners and losers is not inconsistent with a "competitive
> free market model".
>
> >One could make a case that Windows is reasonably priced by some critera,
> >which is apparently what you are doing, but how do you decide what's
> >"reasonable" other thay via subjective things such as "I don't mind
> >paying that much".
>
> Compare it with the price of other operating systems. It's in the same
> ballpark.
>
> > I think a case can be made that it could potentially
> >be cheaper if there were actual competition.
>
> $50- is already fairly cheap. I think you'd have a hard time making a
> case that the sales increase resulting from further reduction in price
> would justify the loss of per-sale revenue.
>
----snip----
You're referring to the price of an upgrade...the full version is about
$180. The way most people by OS's is pre-insstalled on a new system.
Bought that way, the price is a higher than than $180, and a lot higher
than the $50 you quoted..
------------------------------
From: [EMAIL PROTECTED] (Bob Hauck)
Subject: Re: bash: scp: command not found (but...)
Reply-To: bobh = haucks dot org
Date: Thu, 01 Mar 2001 04:43:57 GMT
On Wed, 28 Feb 2001 19:19:52 -0800, Noah Roberts <[EMAIL PROTECTED]> wrote:
>First, it is installed and in my path because it runs!
It is in your path when you're using an interactive shell. This will
probably not be the same as the path when you do a remote exec with ssh,
which is what scp actually does.
You probably need to build ssh with "configure --with-default-path=blah".
See the INSTALL file for details.
--
-| Bob Hauck
-| To Whom You Are Speaking
-| http://www.haucks.org/
------------------------------
From: Dan Anderson <[EMAIL PROTECTED]>
Crossposted-To:
alt.os.linux,alt.solaris.x86,comp.unix.admin,comp.unix.aix,comp.unix.misc,comp.unix.shell
Subject: Re: Pipes
Date: Thu, 01 Mar 2001 04:46:58 GMT
Sounds like you want us to do your homework.
Lookup "FIFO" and "mknod" for starters.
Manoj K Krishnan <[EMAIL PROTECTED]> wrote:
>How to use pipes to communicate between tow child processes of a parent
>process. I would be glad if you explain briefly witha psuedocode.
>Thanks in advance,
>-Manoj.
-
Dan Anderson anderson
San Diego, - @ -
California, USA computer.org
------------------------------
From: John Hasler <[EMAIL PROTECTED]>
Subject: Re: Newbie: Best information channels...
Date: Thu, 1 Mar 2001 03:57:02 GMT
Chris Czeyka writes:
> What are your best and quickest information channel to get problems
> quickly solved?
> How about IRC...
I tried monitoring the Debian IRC channel a few times. Complete chaos. I
can't imagine how anyone can accomplish anything on IRC.
> ...or other good Internet discussion boards?
You mean Web "boards"? They seem like awkward imitations of Usenet.
Mailing lists are quite useful, though.
--
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin
------------------------------
From: "Cjv" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.hardware
Subject: Re: Linux partitioning question
Date: Wed, 28 Feb 2001 20:56:40 -0800
Thank you very much, occasionally RTFM isnt enough, and its nice when
somebody takes the time to explain.
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: [EMAIL PROTECTED] (Paul Kimoto)
Subject: Re: Problem of iptables -- Can't load modules
Date: 28 Feb 2001 23:55:21 -0500
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Carfield Yim wrote:
>> You are trying to load a module that doesn't exist.
>>
>> $ ls /lib/modules/2.4.2/kernel/net/ipv4/netfilter
>> ip_conntrack.o ipt_MARK.o ipt_limit.o ipt_tos.o
>> ip_conntrack_ftp.o ipt_MASQUERADE.o ipt_mac.o ipt_unclean.o
>> ip_nat_ftp.o ipt_REDIRECT.o ipt_mark.o iptable_filter.o
>> ip_tables.o ipt_REJECT.o ipt_multiport.o iptable_mangle.o
>> ipt_LOG.o ipt_TOS.o ipt_state.o iptable_nat.o
> You mean I should load ip_tables ?
I guess so. It would depend on what you're trying to do, of course.
References:
http://netfilter.kernelnotes.org/unreliable-guides/packet-filtering-HOWTO/
http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO/
--
Paul Kimoto
This message was originally posted on Usenet in plain text. Any images,
hyperlinks, or the like shown here have been added without my consent,
and may be a violation of international copyright law.
------------------------------
From: "John W. Krahn" <[EMAIL PROTECTED]>
Subject: Re: Regular Expression Syntax Limitation?
Date: Thu, 01 Mar 2001 04:52:19 GMT
Adam Warner wrote:
>
> Hi all,
>
> I've been trying to use grep to filter a file whenever it says Copyright
> [some name other than Microsoft].
>
> I thought this expression syntax might be appropriate:
>
> 'opyright.*[^M][^i][^c][^r][^o][^s][^o][^f][^t]'
>
> However this still finds strings that are Copyright ... Microsoft (e.g.
> Copyright (c) 1997 - 1999 Microsoft Corporation). This makes sense
> because, for example, " (c) 1997" doesn't match "Microsoft".
>
> Any advice about how to approach this situation differently?
$ perl -n0777 -e '/(?i:copyright).*?(?!Microsoft)/ and print "$ARGV\n"'
*
John
------------------------------
From: Brent Pathakis <[EMAIL PROTECTED]>
Subject: Re: Newbie: Best information channels...
Reply-To: [EMAIL PROTECTED]
Date: Thu, 01 Mar 2001 05:05:29 GMT
Chris Czeyka wrote:
> Short and philosophical question:
>
> What are your best and quickest information channel to get problems
> quickly solved?
>
> okay.. this newsgroup.. of course.
>
> How about IRC or other good Internet discussion boards?
>
> just curious,
> best regards,
> Chris
Couple of suggestions...
www.linuxnewbie.org .. always has some good info.
If you're using Linux-mandrake,
www.mandrakeuser.org
or
if you go to www.linux-mandrake.com
and click on support, the have a couple of mailing lists.
Hope this helps.
------------------------------
From: [EMAIL PROTECTED] (Ken Williams)
Crossposted-To: comp.os.linux.setup
Subject: suidperl - where the hell is it?
Date: Thu, 01 Mar 2001 05:39:41 GMT
I've looked eveywhere, I do not have suidperl on my system, freshmeat, osdn,
etc all do not have anything. Where can I get this?
------------------------------
From: "Jack Kaufmann" <[EMAIL PROTECTED]>
Subject: Re: Installing windows 2000
Date: Thu, 01 Mar 2001 05:39:16 GMT
Many thanks.
"D. Stimits" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Jack Kaufmann wrote:
> >
> > Any idea where I could find the Howto?
> >
> > "D. Stimits" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Jack Kaufmann wrote:
> > > >
> > > > I am running Linux (Redhat 7) and windows 98 on separate partitions,
> > with
> > > > LILO on the MBR. I would like to install Windows 2000 on a third
> > partition,
> > > > and I know it wants to take over the MBR. Can anyone give me any
> > guidance
> > > > re how to go about it? Thanks.
> > >
> > > There is an NT boot loader howto around somewhere, not sure where. The
> > > NT boot loader is the same as in Win 2K, and works quite nicely as the
> > > primary loader. It basically means installing lilo to a partition
> > > instead of MBR, then using dd to copy your partition boot record to a
> > > floppy, and then the floppy file to the Win 2k partition. Win 2k can
be
> > > pointed at that file and it will properly direct things over to linux.
> > > The NT boot loaders is one of the few reliable MS products I know of.
> > > FYI, you want to avoid support in linux for writing to NTFS, use
> > > read-only.
>
> I found a copy at LDP:
> http://www.linuxdoc.org/HOWTO/mini/Linux+NT-Loader.html
>
> The portion which talks about the details of getting boot sector info
> is:
> http://www.linuxdoc.org/HOWTO/mini/Linux+NT-Loader-5.html
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Newbie: Best information channels...
Date: Thu, 01 Mar 2001 06:26:45 GMT
Chris Czeyka <[EMAIL PROTECTED]> wrote:
> Short and philosophical question:
> What are your best and quickest information channel to get problems quickly
> solved?
in order of usefullness:
http://www.deja.com
http://www.geocrawler.com
http://www.google.com
and of course:
http://www.linuxdoc.org
for debian:
http://www.debianhelp.org
Start by just pasting a portion of your error message into the search field
of any of the above resources.
> okay.. this newsgroup.. of course.
> How about IRC or other good Internet discussion boards?
irc is next to useless unless you get lucky.
> just curious,
> best regards,
> Chris
------------------------------
From: [EMAIL PROTECTED] (Benjamin Stocker)
Crossposted-To:
comp.os.linux,comp.os.linux.help,comp.os.linux.questions,comp.os.linux.setup
Subject: Re: wrong filerights
Date: Thu, 01 Mar 2001 06:26:49 GMT
On Wed, 28 Feb 2001 19:05:45 GMT, <[EMAIL PROTECTED]> wrote:
>By mistake I changed the file owner and group under /etc (the whole tree under /etc
>infact...)
>and now I cannot start X if I'm not root, How do I get the default owner and group
>back ??
>
>/Peter
Most files have "-rw-r--r-- root root" but there are many exceptions: shadow,
smbpasswd, su1, etc. On some distros (SuSE), there are scripts to restore
permissions. You also should check the xserver logfile to find out what files
have insufficient perms.
------------------------------
From: "green" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux,comp.os.linux.help,comp.os.linux.questions,comp.os.linux.setup
Subject: Re: wrong filerights
Date: Thu, 1 Mar 2001 16:33:05 +1000
from /
chmod 777 etc -R
replace 777 with the right permishions.
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> By mistake I changed the file owner and group under /etc (the whole tree
under /etc infact...)
> and now I cannot start X if I'm not root, How do I get the default owner
and group back ??
>
> /Peter
>
>
>
>
> --
> Sent by tuxdev from hotmail in field com
> This is a spam protected message. Please answer with reference header.
> Posted via http://www.usenet-replayer.com/cgi/content/new
------------------------------
From: [EMAIL PROTECTED] (Scott Alfter)
Subject: Re: bash: scp: command not found (but...)
Date: Thu, 01 Mar 2001 07:01:34 -0000
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
In article <[EMAIL PROTECTED]>,
Noah Roberts <[EMAIL PROTECTED]> wrote:
>First, it is installed and in my path because it runs!
Is it in /usr/local/bin or /usr/bin? /usr/local/bin isn't usually in the
path for stuff that gets run without being logged in. If you installed to
/usr/local/bin, create a symlink in /usr/bin and you should be all set.
_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull number for email address)
\_^_/ http://salfter.dyndns.org
=====BEGIN PGP SIGNATURE=====
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6nfRRVgTKos01OwkRAvSiAKCFxc6fzD99a9GcfDjGqjLcCtZMWACePRo0
22UwFr1dH/A/LakMC8fW4II=
=At5n
=====END PGP SIGNATURE=====
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.misc.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
