/archive/1
Upstream/vendor patches are apparently available.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux
(which is exactly why I would want it).
Curious: an external movemail was working fine with Netscape4...
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Seems to me that the following solves the issue.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--- /usr/share/perl5/TWiki/Store/RcsWrap.pm.orig2005-04-13
12:33:16.0 +1000
? (Are they
knowledgeable to advise on your questions above?)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
]:~$
should suitably freak them out.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
tags 147471 + patch
thanks
We at Maths.USyd have been using the following patch for this; sorry,
no patch for the man page.
(Should have been passed on to Debian years ago; my excuse is that I
took over management of the machine that uses this a short time ago.)
Cheers,
Paul Szabo [EMAIL
e1000_driver_name[] = e1000;
char e1000_driver_string[] = Intel(R) PRO/1000 Network Driver;
char e1000_driver_version[] = 5.2.52-k4;
char e1000_copyright[] = Copyright (c) 1999-2004 Intel Corporation.;
are quite old (so seem to be affected).
Cheers,
Paul Szabo [EMAIL PROTECTED] http
the problem and having to configure manually)?
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
the files/functions to change would be:
glibc-2.3.2/sunrpc/bindrsvprt.c bindresvport()
kernel-source-2.6.8/net/sunrpc/xprt.c xprt_bindresvport()
kernel-source-2.6.8/net/ipv4/tcp_ipv4.c tcp_v4_get_port()
kernel-source-2.6.8/net/ipv4/udp.c udp_v4_get_port()
Cheers,
Paul Szabo
I now observe the same thing in Ubuntu, after upgrading from
6.06 dapper to 6.10 edgy, e.g. with
p=`ps -fC Xorg`
time perl -e '$|=1; foreach $x (1..500) { print x foreach(1..$x); print
$x\n }'
echo $p; ps -fC Xorg
Funny...
Cheers,
Paul Szabo [EMAIL PROTECTED] http
,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
4096 228481 /root
Surely the directory /root should not be left open. This is not a major
security hole, but is a breach of privacy.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System
fi
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spb1.6
Locale: LANG=C, LC_CTYPE=C (charmap
they
were running sarge, not now under etch). I do not now see the problem
on any etch machines.
Thanks, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
]:~$ date
Mon Aug 11 12:55:46 EST 2008
[EMAIL PROTECTED]:~$ exit
[EMAIL PROTECTED]:~$ date
Mon Aug 11 12:55:49 EST 2008
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email
the wrong start time.
Does the start time given by the kernel need a correction? Is the bug
in the kernel for lieing, or in ps for not applying that correction?
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University
know if you need further details.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386
request forgery
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064697.html
(My setting of severity on this bug is probably alarmist...)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney
disk.
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
---
## Using msdos partition table, things work fine
# parted /dev/sda
GNU Parted 1.7.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view
re-build my kernel and try again.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Setting CONFIG_PARTITION_ADVANCED and CONFIG_EFI_PARTITION in the kernel
config, things work as they should. I also found that I can boot from a
gpt partition (with lilo).
Please close this bug report. I humbly and sheepishly apologize for the
noise.
Cheers,
Paul Szabo [EMAIL PROTECTED
Seems to me that this has been fixed in DSA-1450-1 (which only mentions
util-linux, not mount or bsdutils). However, the sarge AMD64 versions
seems to be missing...
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University
Dear LaMont,
... no clue what's keeping amd64 from
building - that'd be a debian-security question.
Can I assume that this is notified and will be fixed, or should I
complain somewhere else? (Oddly, the etch amd64 is done.)
Thanks, Paul
Paul Szabo [EMAIL PROTECTED] http
Flags
1 100GB 120GB 20.0GB ext3 xyz
(parted) quit
#
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System
retitle 460153 GPT label loses partitions after reboot
thanks
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
out all wrong from my reportbug).
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
I built my own parted from parted_1.8.7.git.2007.07.30.orig.tar.gz
but using that did not help. So maybe the problem is not in parted
after all, and then not related to
https://bugs.launchpad.net/ubuntu/+source/parted/+bug/107326
?
Cheers,
Paul Szabo [EMAIL PROTECTED] http
that the obvious workarounds of turning Indexes off or
having an index.html everywhere, protects just fine; and wonder why
Apache does not say so.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
protects from the issue.
AddDefaultCharset is on in the default configurations ...
Thanks for that other workaround: yes it seems to protect my machines.
Now I am puzzled why AddDefaultCharset was commented out in my configs.
Still puzzled why Apache did not mention these workarounds.
Cheers,
Paul
browser is IE, used by 90% of the (deluded) population,
then is it not low impact.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
...
... I still do not think it is important enough for a security
advisory.
So far I failed in producing an exploit for IE... even though that is
expected/reported to be easy! (The Firefox bug trumps any fix you may
make.)
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u
+harmful
http://www.washington.edu/imap/documentation/BUILD.html
-
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux
#s11.1.12.2
[6] http://hackersplayground.org/papers/sendmailholes.txt
[7] http://lists.debian.org/debian-doc/2001/08/msg00041.html
[8] http://lists.debian.org/debian-user/2003/12/msg02057.html
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics
anything, so that might be OK.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
The patch below (against 2.6.8-16sarge7) seems to solve the problem.
I now run my machines with both this patch, and also the one I submitted
on 20 Jul. Please include in future versions of the kernel.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School
/exports).
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.7
Locale: LANG=C, LC_CTYPE=C (charmap
a href=/iw/view/Main/WebHomeTWiki/a
...
I can only get the right output by modifying
/var/lib/twiki/templates/twiki.tmpl and hard-coding these values.
What am I doing wrong?
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
the intricacies of twiki management.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
I thought this had been fixed ages ago: see Bug#220486 and DSA 431-2.
Maybe this could be closed also?
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL
3 19:15 FILE
-rw--- 1 psz amstaff 2 Mar 3 19:15 HAND
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux
seconds for
perl -e '$|=0; foreach $x (1..500) { print x foreach(1..$x); print $x\n
}'
(Hmm... I now see that sarge 3.1r5 was released 18 Feb 07, and I still
run the previous one. Will now update, re-test, and maybe report back.)
Cheers,
Paul Szabo [EMAIL PROTECTED] http
.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
instruct what fonts should I try
(and how to change to them), and I will try.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
this seems fixed in etch 0.17-23 since 25 Nov 2006, but not yet in
sarge (==stable) 0.17-20sarge2. Please fix for sarge also.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE
Justin,
does this happen to you on a laptop machine, or otherwise?
I do not have Debian laptops. So it is otherwise: on my main
departmental login server
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University
Dear Security team,
A stupid little bug crept into (was left in) #384454 and DSA-1217.
My fault originally: I humbly apologize. Please correct it for sarge.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney
Justin,
... Do you suspect some particular cause here, too?
Yes, I blame ntpd. I only guess that it uses suspend to slow
things down. (No, I wouldn't manually suspend my server.)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
).
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
they accept).
Bugtraq accepted also:
http://www.securityfocus.com/archive/1/460742
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
. (This is with the ATI driver. I now cannot
imagine how bad it would have been with VESA.)
Regardless of Xorg, please do not close this bug: Debian (stable) has
XFree86 only, not Xorg.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
, and nothing fixed, in
the Xorg server. Seems I should have reported the bug against the
terminals, not against the X server package.)
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
before. Once we know that it is a regression, and not just a slow
implementation, the severity could be raised.
As per initial bug report:
... 50 seconds ... At woody the above completed in under 1 second.
so it seems proved a regression.
Cheers,
Paul Szabo [EMAIL PROTECTED] http
|USER
psz 14627 0.0 0.0 2496 848 pts/6R+ 08:34 0:00 ps aux
[EMAIL PROTECTED]:~$
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Again looking at BTS, this bug seems similar to #161633.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
random files in there).
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.6
Locale: LANG=C, LC_CTYPE=C
now on holidays, with
ssh access only to my machines. May try again in 10 days or
so, with a local login.)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL
:
gtk-print-backends = file,lpr,cups
in ~/.gtkrc-2.0.
Yes, printing from evince works fine with that setting.
Is there a global (not per-user) setting for that; and could the evince
package set that, or the evince binary to set the user's ~/.gtkrc-2.0?
Thanks,
Paul Szabo [EMAIL PROTECTED
You can get the lpr option as well if you set:
gtk-print-backends = file,lpr,cups
in ~/.gtkrc-2.0.
...
You can set it system wide, in /etc/gtk-2.0/gtkrc
Thanks, that solves the problem. (You may close this bug report.)
Thanks,
Paul Szabo [EMAIL PROTECTED] http
tested whether this works at all, or whether it
improves anything.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--- fs/nfs/dir.c.bak2004-08-14 15:36:58.0 +1000
+++ fs/nfs/dir.c
Have now tested the patch in my previous message: it does not solve
the problem I reported.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
, if it fails then surely you do not
own that display. Slow, maybe secure. That is what I use now.)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
the check, or if you lack the time.
Looking at the source
vte-0.11.15/gnome-pty-helper/gnome-pty-helper.c
in line 682 it grabs
display_name = getenv (DISPLAY);
and uses it without any sanity checks: yes, surely it is also affected.
Cheers,
Paul Szabo [EMAIL PROTECTED] http
Dear Debian Security,
Quoting from http://www.debian.org/security/ :
Debian takes security very seriously. Most security problems
brought to our attention are corrected within 48 hours.
Can we please have a DSA for this problem?
Thanks,
Paul Szabo [EMAIL PROTECTED] http
The patch below should solve this problem.
I expect this will also solve
#305793 Attach files to TWiki topics fails after update
and an un-related (un-reported?) problem.
(Sven: should I make a reportbug for the unrelated problem?)
Cheers,
Paul Szabo [EMAIL PROTECTED] http
about tainting if a comment is present. Force a comment,
and untaint it?)
Cheers, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
Package: mount
Version: 2.11n-7
Severity: critical
File: /bin/umount
Tags: security
Justification: root security hole
Please see
http://www.securityfocus.com/archive/1/410333
for details. Verified (that noexec flag is gone) as follows:
psz:~$ id
uid=1001(psz) gid=1001(amstaff)
Package: twiki
Version: 20030201-6
Severity: critical
Justification: root security hole
Please see
http://www.securityfocus.com/archive/1/410721
Verified with
http://iw/iw/view/Main/TWikiUsers?rev=3D2%20%7Cless%20/etc/passwd
,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
, code below.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
OUTPUT:
[EMAIL PROTECTED]:~$ gnome-pty-helper-exploit xyz sleep 1; who; ps aux | grep
psz; sleep 6; who
[1] 31444
Writing utmp
/wtmp files. I use utmp in some of my own scripts, that is how I
looked at gnome-tty-helper.)
Cheers, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
to:
X.Org security advisory june 2008 - Multiple vulnerabilities in X server
extensions
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
I wonder if Debian is affected by these issues.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics
, or
at least by providing an option to leave the authentication data alone,
un-spoofed.
(Not really related to Bug#57116.)
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
#!/usr/bin/perl -w
Package: sendmail
Version: 8.13.4-3
Severity: critical
Justification: root security hole
Please see the following advisories/reports:
http://www.auscert.org.au/6148
http://xforce.iss.net/xforce/alerts/id/216
http://www.sendmail.org/8.13.6.html
Cheers,
Paul Szabo [EMAIL PROTECTED
it didn't.
I do realize that nvidia-kernel-source version 1.0.8178-2 is meant to be in
the testing/unstable distribution only, not in sarge; still, your various
debhelper settings are mismatched (and are not as you claim).
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u
reopen 356775
thanks
Filipus Klutiero [EMAIL PROTECTED] wrote:
Feel free to reopen if you can explain what's the bug.
I guess he meant for me to reopen: done with this message (I hope!).
Reasons were explained in my previous message to the bug.
Cheers,
Paul Szabo [EMAIL PROTECTED] http
failed
(evince:30718): GnomePrint-CRITICAL **: file gnome-print-transport.c: line 173 (
gnome_print_transport_write): assertion `transport-opened' failed
on STDERR (regardless if I use plain lpr, or with its full path, in
the selection box).
Cheers,
Paul Szabo [EMAIL PROTECTED] http
document the issue, or help change policy.)
Please see also bug#299007 http://bugs.debian.org/299007 .
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
Please see also
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/049079.html
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
Please see also
http://bugs.debian.org/384922
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/049079.html
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE
machine trashed because he trusted root_squash.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
. You can login on the NFS server.
This is not an impossible combination, but it's not a gaping security hole
either.
My exact situation: my home directory is exported from a server (read/write
and suid everywhere), with user login access to the server also. Gaping.
Cheers,
Paul Szabo [EMAIL
the
policymakers to fix the policy. They tricked you already: you were mistaken
about root's PATH. With the wrong policy, bugs such as this will keep
popping up; they will be reassigned, retitled, or otherwise shifted without
actually solving anything; and the holes will remain.
Cheers,
Paul Szabo [EMAIL
is a tiny policy change, to be permitted to drop
/usr/local things from root's PATH, or to remove group staff writability
from those things. Everyone seems to know those should be done...
Thanks for your help,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics
that currently the kernel does not understand such squashing of groups...
so this feature should be activated as soon as the kernel supports it.
Please see bugs #384922 and #299007
http://bugs.debian.org/384922
http://bugs.debian.org/299007
for details.
Cheers,
Paul Szabo [EMAIL PROTECTED] http
bugs #384922 and #299007
http://bugs.debian.org/384922
http://bugs.debian.org/299007
for details.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
-- System Information:
Debian Release: 3.1
I note that Ubuntu has fixed this:
https://launchpad.net/bugs/13795
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
Dear Steve,
You seem to think that this is important but not critical.
Don't you agree that it is a root security hole?
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE
...
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
-2.6.16 (hmm... why the specific version?) where the maintainer is
a nebulous committee, again you re-jiggle severity; and no word from the
maintainers.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney
or if the policy allows us to fix our systems; or
if at great expense we implement squashing GIDs.
The answer remains, don't set your NFS environment up that way.
The correct answer seems to be fix or ignore the policy.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz
severity 384922 critical
thanks
Dear Steve,
The issue is root compromise of an NFS server. If that is possible then
it is critical; if it is not possible then the bug is solved. It seems
logically impossible to downgrade this kind of bugs.
Cheers,
Paul Szabo [EMAIL PROTECTED] http
removal from Debian.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
, and never set non-default permissions on /usr/local or
altered root's PATH. I beleive it renders many other systems exploitable
also, but have no ways to test that hypothesis.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
the above completed in under 1 second.
It is interesting to see more than one of those running simultaneously
in several windows: only one at a time is running.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney
my home dir. Settings that may be relevant to ftpd are:
[EMAIL PROTECTED]:~$ grep psz /etc/passwd
psz:x:1001:1001:Paul Szabo:/users/amstaff/psz:/bin/bash
[EMAIL PROTECTED]:~$ ls -l /etc/ftp*
-rw-r--r-- 1 root root 76 Apr 18 2002 /etc/ftpchroot
-rw-r--r-- 1 root root 91 Apr 18 2002 /etc
/psz/root then on pisa I could set /user/amstaff/psz to
by a symlink to /, so asti would resolve that as /root.) I do not know
what misdeeds I can do by having an otherwise inaccessible cwd.
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics
See also
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/049014.html
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
I suggest the patch below. Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--- linux-ftpd-0.17/ftpd/popen.c.bak1999-07-16 11:12:54.0 +1000
+++ linux-ftpd-0.17/ftpd/popen.c
by /root
being mode 700. Much more fun if /root/bin was mode 777...
Please fix. Please issue DSA.
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustralia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
-i.bak -pe s/DH_COMPAT=5/DH_COMPAT=4/ modules/nvidia-kernel/debian/rules
Seems to be related to the line
* now that sarge is stable upgrade DH_COMPAT to 5 (closes: #336734)
in modules/nvidia-kernel/debian/changelog ...
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz
1 - 100 of 603 matches
Mail list logo