Linux-Misc Digest #455, Volume #21 Wed, 18 Aug 99 23:13:08 EDT
Contents:
Re: *nix vs. MS security (Christopher Browne)
Re: errata [was Re: Slackware vs SuSE vs Debian vs Redhat vs ....] (Christopher
Browne)
Java security problem in Netscape on Linux. ("G. Georgiev")
Re: Any free SQL server available? (L J Bayuk)
Can OS/2 users grow up and think like Linux users? (was: Can I switch from OS/2 to
Linux and be happy?) (Marko)
crontab ("Tim")
services on start up & monolithic kernel (Stan)
Re: Booting Linux or DOS/Win3x (Paulo Rodrigues)
Re: ppp compression missing (IceLava)
Re: Linux file-size limit? (Christopher Browne)
Re: ALSA (Bryan)
Re: Mandrake 6.0: Trouble with NFS (and FTP) install (Jeff Nelson)
Is there a website for minimalist Linux users? (andy)
Re: compression on DAT tapes ("Gene Heskett")
Re: mp2 video player (William Burrow)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Christopher Browne)
Crossposted-To: comp.os.linux,comp.os.linux.questions,comp.os.linux.security
Subject: Re: *nix vs. MS security
Reply-To: [EMAIL PROTECTED]
Date: Thu, 19 Aug 1999 01:45:03 GMT
On Wed, 18 Aug 1999 19:43:47 GMT, Christopher Lu
<[EMAIL PROTECTED]> wrote:
>I'm taking a class on operating systems. During the last class, the
>instructor mentioned that *nices are less reliable and less secure than
>Microsoft OS's. His reasoning is that because *nices (especially linux) is
>free and everyone has access to it, it's less secure. Random people can
>hack into a *nix system easier because they can figure out the interrupts
>and stuff, since it's a free OS.
>
>I questioned the fact that the majority of servers on the internet use some
>flavor of *nix. He answered saying that only small size companies use *nix.
>Everyone else uses something more secure (he meant MS I'm assuming).
>
>I wanted to know what everyone here thinks about this. I'm a firm believer
>that *nix is a very stable, secure system. Granted I haven't had a whole
>lot of experience dealing with *nix but everything I've seen/read/heard has
>led me to that conclusion. But being naive when it came to *nix I was
>unable to counter my instructor with anything substantial.
Your instructor is evidently the naive one.
a) In terms of reliability, it's not UNIXes that have to be taken down
weekly to reboot because the system probably will go down if you
don't.
The main box that I connect to currently has 11 days of uptime; the
downtime resulted from a hardware upgrade.
The major UNIX vendors (IBM, Sun, HP) are offering "more 9's" worth of
uptime than NT does.
b) In terms of security, I suggest you think again.
If you want to talk about formal security certifications, there are
UNIX systems rated as high as B1 by the NSA/NIST. NT is only rated
C2, and that is only true for version 3.51, with *networking turned
off.*
<http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html>
c) In terms of "unreliability as a result of open source," your
instructor obviously is unfamiliar with the way *serious* security
systems work.
Apparently he believes in the notion of "security through ignorance."
This only works when deploying systems in environments where attackers
are all effectively morons, and does not resist serious attacks.
Operating systems are small potatoes compared to cryptographic
systems, and the experts have repeatedly documented situations where
the utter *lack* of documentation and the *lack* of ability to attack
systems has resulted in systems that are insecure *because they are
not documented.*
The only competent way of validating that a system is resistant to
attack is to document its implementation, and allow experts to try to
find attacks. That's how cryptanalysis works, and that's how
security holes get plugged in operating systems.
Note that by the above criteria, UNIX systems aren't usually
configured to be secure, much as NT systems aren't usually configured
to be secure.
In both cases, *typical* configurations tend only to use discretionary
security protection. Mandatory access control represents a B1
requirement that most UNIX systems do not satisfy, and which NT does
not satisfy.
And if the instructor actually did use phrasing involving the word
"interrupts," this probably indicates that he's been very well
brainwashed by someone that emitted convincing bafflegab about NT
being "more secure." That seems vastly more likely than that he knows
anything about TPEP or the Orange Book or about computer security in
general.
Ask the instructor about capabilities-based systems. Neither UNIX nor
NT represent such; that seems to be the area of greatest interest in
recent research work on highly-securable OSes.
d) I work at Sabre, the folks that do airline reservations. Our big
systems run UNIX. The big web servers run UNIX. Our *really* big
systems run on MVS mainframes (rumor is that we have 17 of 'em);
neither UNIX nor NT are as of yet options for something as big as a
travel reservation system. There are some systems running NT; nothing
of nearly as great importance, as far as I can tell.
Note that if you want to get "disagreeable" with the instructor, the
Right Approach to correct the instructor is not to blabber at him
about how "YOu're Worng! UNIX is much more securable than Windows
NT!"
The Right Approach is to suggest/volunteer to have your term paper (or
some such assignment) be written on the area of Operating System
Security. You "bias" the material to deal with some of the recent
research on things like capabilities-based OSes, tempered with a
presentation of TPEP and the EC (European Community) material on
secure computing system certifications.
The "UNIX-is-pretty-good" thing that will fall out particularly from
the latter search will be that there are vastly more Officially
Extremely Secure UNIXes than there are Officially "Vaguely Secure" NT
versions.
A useful thing to have fall out of it might be to do an analysis of
some portion of the capabilities of NT ACLs as well as an attempt to
see to what degree it is isomorphic with UNIX GIDs.
The research should be interesting; there's lots of good paper-writing
material out there; you'll learn lots that should even include the
idea that UNIX isn't the last word in security.
The big "win" is if you get a good learning experience, despite some
lack of knowledge on the part of the instructor.
--
"The idea that Bill Gates has appeared like a knight in shining armour to
lead all customers out of a mire of technological chaos neatly ignores the
fact that it was he who, by peddling second-rate technology, led them into
it in the first place." - Douglas Adams in Guardian, 25-Aug-95
[EMAIL PROTECTED] <http://www.hex.net/~cbbrowne/security.html>
<http://www.hex.net/~cbbrowne/oses.html>
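
Added example (not part of the original post or of any system it names): a small Python model of the distinction drawn above between discretionary protection and the mandatory access control that B1 requires. The users, files, levels and the Bell-LaPadula-style label rules are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity levels; a higher number is more sensitive.
UNCLASSIFIED, CONFIDENTIAL, SECRET = 0, 1, 2

@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True if this label is at least as high and covers every category."""
        return self.level >= other.level and self.categories >= other.categories

@dataclass
class Subject:
    user: str
    label: Label            # clearance, assigned by the administrator

@dataclass
class Obj:
    name: str
    owner: str
    label: Label            # classification, fixed by system policy
    acl: dict = field(default_factory=dict)   # user -> set of "r"/"w"

def dac_grant(subject, obj, user, ops):
    """Discretionary control: the owner alone decides who gets access."""
    if subject.user != obj.owner:
        raise PermissionError("only the owner may change the ACL")
    obj.acl[user] = set(ops)

def dac_allows(subject, obj, op):
    return op in obj.acl.get(subject.user, set())

def mac_allows(subject, obj, op):
    """Label rules in the Bell-LaPadula style: no read up, no write down."""
    if op == "r":
        return subject.label.dominates(obj.label)
    if op == "w":
        return obj.label.dominates(subject.label)
    return False

def access(subject, obj, op, mandatory):
    """DAC always applies; with mandatory=True the label check must pass too."""
    if not dac_allows(subject, obj, op):
        return False
    return mac_allows(subject, obj, op) if mandatory else True

def demo():
    alice = Subject("alice", Label(SECRET, frozenset({"payroll"})))
    bob = Subject("bob", Label(UNCLASSIFIED))
    payroll = Obj("payroll.db", "alice", Label(SECRET, frozenset({"payroll"})))
    notice = Obj("notice.txt", "alice", Label(UNCLASSIFIED))
    for obj in (payroll, notice):
        dac_grant(alice, obj, "alice", "rw")
        dac_grant(alice, obj, "bob", "r")     # owner hands out read access
    return {
        "dac_bob_reads_payroll": access(bob, payroll, "r", mandatory=False),
        "mac_bob_reads_payroll": access(bob, payroll, "r", mandatory=True),
        "dac_alice_writes_notice": access(alice, notice, "w", mandatory=False),
        "mac_alice_writes_notice": access(alice, notice, "w", mandatory=True),
        "mac_alice_reads_payroll": access(alice, payroll, "r", mandatory=True),
        "mac_bob_reads_notice": access(bob, notice, "r", mandatory=True),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

With only discretionary checks the owner's grant is final, so the low-clearance user reads the secret file and the owner can copy secret data into a public one; with the label check added, both are refused regardless of what the owner put in the ACL.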
------------------------------
From: [EMAIL PROTECTED] (Christopher Browne)
Subject: Re: errata [was Re: Slackware vs SuSE vs Debian vs Redhat vs ....]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 19 Aug 1999 01:45:06 GMT
On 18 Aug 1999 18:30:50 -0500, John Girash <[EMAIL PROTECTED]>
wrote:
>Just checked redhat.com; I forgot to mention they support Sun/Sparc
>as well, and it seems that GNOME/Enlightenment (ick) is now the
>default desktop. KDE (double ick) is still available though.
I expect that Enlightenment will be replaced by WindowMaker Real Soon
Now as the default, what with Rasterman's departure from RHAT.
--
I think you ought to know I'm feeling very depressed
[EMAIL PROTECTED] <http://www.hex.net/~cbbrowne/lsf.html>
------------------------------
From: "G. Georgiev" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x
Subject: Java security problem in Netscape on Linux.
Date: Thu, 19 Aug 1999 01:03:18 -0400
Hi,
I want to open a socket connection from a running web page in
Netscape, and I copied, with minor changes, the following script from the
Netscape development guide to my page:
function socketl(host, port, sendstr) {
    // Ask Netscape's privilege manager for permission to open arbitrary
    // network connections; this call is what should trigger the prompt.
    netscape.security.PrivilegeManager.enablePrivilege('UniversalConnect');
    var sock = new java.net.Socket(host, port);
    var dock = new java.io.DataOutputStream(sock.getOutputStream());
    dock.writeBytes(sendstr);
    var dis = new java.io.DataInputStream(sock.getInputStream());
    var res = "";   // accumulated response text
    var line;
    while ((line = dis.readLine()) != null) {
        res += line;
        res += java.lang.System.getProperty("line.separator");
    }
    dis.close();
    dock.close();
    sock.close();
    return res;     // return the collected text, not the final null line
}
When I run it in Netscape on a Windows computer, it asks me the
first time if I want to grant the 'UniversalConnect' privilege. I give it
this privilege and it runs quite happily afterwards.
The problem is when I try to run it in Netscape (4.51) on Linux:
it never asks me for the privilege, and it prints on the JavaScript
console:
JavaScript Error: uncaught Java exception
netscape/security/ForbiddenTargetException ("User didn't grant the
UniversalConnect privilege.")
So how do I grant it this privilege if it never asks for it?
Thanks, George.
------------------------------
From: [EMAIL PROTECTED] (L J Bayuk)
Subject: Re: Any free SQL server available?
Date: 19 Aug 1999 01:08:01 GMT
[EMAIL PROTECTED] wrote:
>> Not to mention the fact that PostgreSQL is more full-featured, supporting a
>> whole bunch of goodies that MySQL doesn't (like transactions). It is also
>
>You seem to know too much. Is there a book on Postgre that you recommend?
>The tutorials that I was able to get don't go beyond the basic SQL commands.
>Thanks
To learn to use PostgreSQL, I found 3 sources of information were
helpful. First, it comes with a lot of documentation, in both HTML and
PostScript, so you can browse it or print it as you like. Second,
get a good book on general SQL/Database stuff; I happen to like MIS
Press's The Linux Database, but others will do as long as they aren't
too specific to a particular database. Finally, when all else fails,
the source code is the ultimate reference.
------------------------------
From: [EMAIL PROTECTED] (Marko)
Crossposted-To: comp.os.os2.misc,comp.os.os2.apps,alt.os.linux
Subject: Can OS/2 users grow up and think like Linux users? (was: Can I switch from
OS/2 to Linux and be happy?)
Date: Thu, 19 Aug 1999 01:27:42 GMT
On Tue, 17 Aug 1999 20:38:18, [EMAIL PROTECTED] (Zephyr Q)
made history by saying:
->
-> Or, more importantly, how can I make the switch with as
-> little grief as possible?
I tried Linux twice - InfoMagic and then RH5.2. I was happy to wipe
Linux off and re-install OS/2. No slight intended to the people
working on Linux. I think they're doing a great job. As a programming
geek, I found the UI fun, and I like the open source movement.
With Linux, configurability is its strength and its weakness. It takes
time. And the Linux UIs have a long way to go. YMMV.
IBM hasn't supported OS/2 for the client in a long time. Aren't
people's tears dry yet? When you need something for Linux, you either
wait for someone to make it, or you make it yourself. Why don't you
have the same attitude about OS/2? The tools are available just the
same.
------------------------------
From: "Tim" <[EMAIL PROTECTED]>
Subject: crontab
Date: Thu, 19 Aug 1999 11:03:34 +1000
i'm having problems with the crontab in redhat 6.
the problem seems really stupid and i don't know if it's me or not.
eg 1)
i have an entry like this.
0,5,10,15,20,25,30,35,40,45,50,55 8-1 * * * /path/script
i want the script to run every 5 minutes between 8am and 1am.
this script does not run as required.
eg 2)
if i use
*/5 8-1 * * * /path/script
this does not work either
eg 3)
if i use
* * * * * /path/script
it works fine (obviously not at the intervals i require)
eg 2 works fine under slackware 3.4 and 3.6, but haven't tried eg 1.
any suggestions? it's driving me crazy.
cheers
tim
------------------------------
From: Stan <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,redhat.config
Subject: services on start up & monolithic kernel
Date: Wed, 18 Aug 1999 23:30:53 GMT
Question #1 does anyone know where I can get an explanation of the
services at start up, such as amd, apmd, arpwatch, atd, autofs, & etc.
I would like to know what they are and what they do so I can configure
them.
Question #2 I am trying to build a monolithic kernel, which means I build
the kernel without modules. Using a boot disk with Mandrake 6.0 I have run
into a problem where the loading of the system stops as it looks to
"finding module dependencies". If I Control C it continues.
How do I get this to load without adding modules???
Is this correct to build a kernel without modules???
Please answer at my email address if possible.
Kona Stan
[EMAIL PROTECTED]
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
From: [EMAIL PROTECTED] (Paulo Rodrigues)
Subject: Re: Booting Linux or DOS/Win3x
Date: 18 Aug 1999 20:39:03 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 11 Aug 1999 17:08:43 GMT, Martin R. Green <[EMAIL PROTECTED]>
wrote:
>I am currently running RH6.0 on an old 486SX PC with a 1.2G hard
>drive, but I have found that I don't really have room to play with
>Linux properly in the space I have allocated for the Linux main
>partition. As a solution I am going to add an older Quantum 720M
>drive, setting up DOS on the 720M and Linux on the 1.2G drive.
>
>I need to be able to boot with LILO into either Linux or DOS with
>Win3x, but I believe only partitions on the primary drive can be made
>bootable, which means I probably need to do one of the following:
>
>1. Make the 720M the primary drive and install DOS on it. Make the
>1.2G the secondary drive, and install Linux on it. Let LILO be
>installed on the primary boot drive, and let it handle booting Linux
>from the secondary drive. I don't think this will work.
>
>2. Make the 720M the primary drive, create a large DOS partition and a
>a small Linux boot partition on it, and install the rest of Linux on
>the secondary 1.2G drive. I *think* this is the way to go. "/" would
>be on the secondary 1.2G drive and "/boot" would be on the primary
>720M drive.
>
>Has anyone done something like this before? Any suggestions or
>caveats?
>
>Also, should I allocate the Linux swap partition on the same drive as
>the rest of Linux, or will Linux run quicker if I place the swap
>partition on the 720M and the rest of Linux on the 1.2G? (both drives
>are about equally fast).
>
>
>CIAO and thanks - Martin.
hi martin
ever thought of loadlin? boot linux or dos from your config.sys (dos, yes, but
you wont notice any difference in speed)...
as for the location of your swap partition, id say put it on your faster disk
good luck
paulo rodrigues
------------------------------
From: IceLava <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: ppp compression missing
Date: Thu, 19 Aug 1999 01:03:18 +0000
Don't worry abt it? I thot in Linux u hada worry & take care of
everything
anyway it works thanx alot!
that's 1 problem off my list (taller than me). now on to investigate
the other mysteries....
------------------------------
From: [EMAIL PROTECTED] (Christopher Browne)
Crossposted-To: comp.os.linux.hardware,comp.os.linux.development.system
Subject: Re: Linux file-size limit?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 19 Aug 1999 01:45:07 GMT
On Wed, 18 Aug 1999 10:36:40 -0400, Ted Pavlic <[EMAIL PROTECTED]> wrote:
>I really should read the rest of the thread because I'm sure someone has
>already explained this.
>
>On a 32-bit file system, the biggest file you can have is 2^31 bytes.
>(2147483648 bytes) That's the largest number that the file system can
>address. This limitation isn't specific to ext2. It's the same with any
>other 32-bit file system. (NTFS, for example) There's no getting around
>it... until you have a 64-bit file system. :)
>
>I apologize if someone already has mentioned this and now I'm just wasting
>time.
This would be relevant if we were talking about filesystems that
didn't support >32 bit file sizes.
ext2, in particular, can support file sizes up to 1T, since files are
segmented.
The problem is that:
a) You can't usefully NFS mount that file, because NFS only allows
file sizes up to 2^31.
b) You can't read all of it using standard C file manipulation
functions on 32 bit architectures because the "FILE *" structure only
allows addressing the first 2^31 bytes of the file.
--
There's a new language called C+++. The only problem is every time
you try to compile your modem disconnects.
[EMAIL PROTECTED] <http://www.hex.net/~cbbrowne/linuxkernel.html>
------------------------------
From: Bryan <Bryan@[EMAIL PROTECTED]>
Subject: Re: ALSA
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.networking
Date: Thu, 19 Aug 1999 01:44:21 GMT
In comp.os.linux.development.apps Timo Tossavainen <[EMAIL PROTECTED]> wrote:
: I still wonder why they
: can't release the programming specs, what do they have to lose ?
fear on the part of the hardware vendors. by describing the 'giftpaper
wrap' they think folks will be able to guess what kind of goodies are
inside the box.
of course you could have an ugly api that gives NO hints about how the
asics work. and a clean one that implements to bad asics underneath.
but vendors don't want to risk letting ANYTHING out too soon. aka,
paranoia...
--
Bryan, http://www.Grateful.Net - Linux/Web-based Network Management
->->-> to email me, you must hunt the WUMPUS and kill it.
------------------------------
From: Jeff Nelson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.help
Subject: Re: Mandrake 6.0: Trouble with NFS (and FTP) install
Date: Wed, 18 Aug 1999 18:34:44 -0700
Reply-To: [EMAIL PROTECTED]
Chris wrote:
>
> I too downloaded some shareware NFS server, but that didn't help, so I
> tried to do an FTP install over my little 2-PC LAN (if I can call it
> that), but that didn't work either. So I said the hell with it, and am
> doing an FTP install from a remote server. With ADSL it's not too
> slow, and it has the advantage of actually working.
I've also been trying to do an FTP install (connection at university, so not
too bad a speed!) but get error messages every time saying that it can't find
the second stage install file, or something... I don't know if I'm specifying
the correct path, but I've tried multiple paths on several of the servers
listed on Mandrake's site.
Could you share the server and path that you used?
Thanks!
Jeff Nelson
[EMAIL PROTECTED]
http://www.itp.innoved.org
------------------------------
From: andy <[EMAIL PROTECTED]>
Subject: Is there a website for minimalist Linux users?
Date: Wed, 18 Aug 1999 22:08:16 -0400
Hey all you hardcore commandline users! Keeping that 486 alive, eh? I'm
just tired of all these apps intended for the wicked blazing smoking
kick ass 450Mhz-toting user.
So how much fun can I have? YOU tell ME. I want to make my pitiful 486
sweat without making it crawl! No KDE, No GNOME. So what do YOU run on
YOUR box? Did you make it a game server? Gateway router? What?
--
apurugga AT mindspring DOT com
annandy AT dc DOT seflin DOT org
------------------------------
Date: 18 Aug 99 22:11:24 -0500
From: "Gene Heskett" <[EMAIL PROTECTED]>
Subject: Re: compression on DAT tapes
Crossposted-To: comp.os.linux.hardware
Unrot13 this;
Reply to: <[EMAIL PROTECTED]>
Gene Heskett sends Greetings to Gustavo Adolfo;
FWIW, I was watching the BRU from the 5.1 distro do my system a few days
ago, and noted with some glee that BRU was turning the drive's compression
on and off according to the filetype it was currently processing. Those
files that were already compressed caused BRU to shut the drive's
compression off; back to what I knew was a text file, and on it came.
GAK> I have a SDT-S9000 Sony's DAT unit, and I'm running Red Hat 5.2,
GAK> kernel 2.2.10. I just want to make compressed backups. I've tried
GAK> mt -f /dev/st0 defcompression 1
GAK> and
GAK> mt -f /dev/st0 compression 1
GAK> but it didn't work.
GAK> Has someone a suggestion?
To answer your question, I don't know, I've not used it that way.
Cheers, Gene
--
Gene Heskett, CET, UHK |Amiga A2k Zeus040 50 megs fast/2 megs chip
Ch. Eng. @ WDTV-5 |A2091,GuruRom,1g Seagate,CDROM,Multiface III
|Buddha + 4 gig WDC drive, 525 meg tape
|Stylus Pro, EnPrint, Picasso-II, 17" vga
RC5-Moo! 690kkeys/sec isn't much, but it all helps
email gene underscore heskett at iolinc dot net
--
------------------------------
From: [EMAIL PROTECTED] (William Burrow)
Subject: Re: mp2 video player
Date: 19 Aug 1999 01:58:46 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 19 Aug 1999 00:27:49 GMT,
mike <[EMAIL PROTECTED]> wrote:
>Does anyone know of an mp2 video
>player for linux?
mpegtv? www.mpegtv.com
xanim?
Check freshmeat.org and linuxapps.com for stuff.
--
William Burrow -- New Brunswick, Canada o
Copyright 1999 William Burrow ~ /\
~ ()>()
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************