Linux-Misc Digest #505, Volume #24 Wed, 17 May 00 18:13:02 EDT
Contents:
Re: XMMS & Sound (=?iso-8859-1?Q?Beno=EEt?= Smith)
Re: Need ideas for university funded project for linux ([EMAIL PROTECTED])
Re: another netscape question... nameservice? (Steve)
Re: Need ideas for university funded project for linux ([EMAIL PROTECTED])
Re: Rack-mounting machines (Ben Walker)
Re: Cannot enter yast2 using SuSE 6.4 (and the right password) ? ("Rick")
Re: add a second root-account (Alexander K)
cpio errors doing SCSI tape backup (David Koski)
Re: WYSIWYG web page generator ([EMAIL PROTECTED])
Re: Need ideas for university funded project for linux (Mongoose)
Re: Address book crashes Netscape with bus error ([EMAIL PROTECTED])
Re: WYSIWYG web page generator (Ron Gibson)
Re: Need ideas for university funded project for linux (Leslie Mikesell)
Re: add a second root-account (Scott Bishop)
Re: Running program under root ID (brian moore)
Re: add a second root-account (Harlan Grove)
----------------------------------------------------------------------------
From: =?iso-8859-1?Q?Beno=EEt?= Smith <[EMAIL PROTECTED]>
Subject: Re: XMMS & Sound
Date: Wed, 17 May 2000 23:07:05 +0200
Dances With Crows wrote:
> On Wed, 17 May 2000 01:18:30 +0200, Beno�t Smith
> <<[EMAIL PROTECTED]>> shouted forth into the ether:
> >Dances With Crows wrote:
> >> Now start xmms up again, and set the Output Plugin to "OSS". Much better.
>
> >Sorry, the Slackware distribution does not include OSS... And when I try
> >to play the mp3 with this plugin, I get an error message.
>
> And this error message is?...
"Please check that:
1. You have the correct output plugin selected
2. No other program is blocking the soundcard
3. Your soundcard is configured properly" [NB: I just had to uncomment the right
module (es1371) in /etc/rc.d/rc.modules]
> >Isn't there a way to use XMMS with a single soundcard module without the
> >heavy OpenSound System ?
>
> Oops, misunderstanding time. OSS, confusingly enough, stands for two
> things: The Open Sound System implementation that's distributed as source
> with the Linux kernel, and the commercial OSS sound drivers that you can
> buy for $20-30. Most of the Linux sound drivers attempt to use the OSS
> standard, and even the ALSA project has an OSS compatability layer. OSS
> generally means the free implementation unless it's qualified with
> "commercial".
Does it mean that I may to recompile the kernel with OSS support ?
--
Beno�t Smith
Just a Rhyme Without a Reason
------------------------------
Crossposted-To:
comp.os.linux,comp.os.linux.development,comp.os.linux.development.apps,comp.os.linux.development.system,comp.os.linux.setup,comp.os.linux.advocacy
Subject: Re: Need ideas for university funded project for linux
From: [EMAIL PROTECTED]
Date: Wed, 17 May 2000 21:10:43 GMT
Mongoose <[EMAIL PROTECTED]> writes:
> On Wed, 17 May 2000 15:01:04 GMT, [EMAIL PROTECTED] wrote:
> >Mongoose <[EMAIL PROTECTED]> writes:
> >The way I see it, Linux needs the following, at minimum, before it can
> >be a legitimate competitor to Windows:
> >1. A streamlined, easy install process;
> Theres distros that have that now. Caldera I think? You can play
> tetris while linux is installing on your machine.
Dunno. I've just heard very bad things about some of the installers,
namely that they either work perfectly or not at all. And, of course,
we should be able to turn off the easy-to-use installer and get our
hands dirty.
> >2. An office suite roughly as functional as Office, and at least as
> > easy to use;
> Staroffice which is basically a clone of MSoffice, and Corel Office
> Suite. Both very good office suites for linux.
I've used StarOffice (not Corel Office), and it's not roughly as
functional as Office. Also, it's not GPLed. I have hopes that
GNOME's office suite will come through (and it's very nice, though
crash-intensive, so far).
> >3. A GUI package installation mechanism that's as easy to use as
> > InstallShield (trivial if we get a file manager for GNOME or KDE); and
> Maybe, theres a few out there but no one uses them except commercial
> companies. Most programs use the standard configure; make; make
> install line
Yeah. And that's a serious problem. Do you realize how fucking
annoying it is to have to install 150MB of source, dedicate 1.5 hours
to configuring and building, and then find out that there's some God
forsaken shared library I need to install before it will work? Not
that I have gone through this several times with XEmacs on RedHat
boxes, or anything.
I want to click on a damn button and have the program install. I want
the option to do it by hand if I have to, but installing anything on
Linux is a nightmare if you have to build it from the source. Note
also that "make install" will occasionally break, depending on your
distribution. And they all seem to be going in tangential directions
on this one.
There's just no excuse for not having an adequate installer. We have
two excellent package-management tools, dpkg (and apt) and rpm. All
we have to do is put a shiny new GUI front-end on them.
Not that I am bitter.
[...]
> It seems that there are alot of linux programs out there that do
> these things people need, its just that its hard to find them all.
Yeah. Because there are 573,283 Linux packages, 572,911 of which do
exactly the same thing, and 290 of which are cutesy man pages.
We need some Machiavellian masochist to sift through all the packages
for Linux, pick the best ones, and throw out the rest. I think
anything that hasn't been changed for 5 years should go; we might have
to make an exception for e2fsck, but as a rule, it would probably
eliminate half the packages.
> As for ease of use, most linux users are intellegent computer users
> and don't need guis to configure and install stuff.
This is a lie.
I'm an intelligent computer user. I have manually, painstakingly
configured my Debian system by hand, because there are either no
usable GUIs to do it or they don't get put on my X menu (so I install
them and forget them). I hate doing it, and I have to refer back to
the man pages - which, by the way, are indecipherable even if you know
what you're doing - roughly every two seconds. And then we have the
fact that UNIX folks just love to abbreviate, and apparently consider
it a matter of personal style and creativity. I use "fn" for
"function," God help me, but I'm not so big a moron that I'd do it in
a configuration file. Most of the otherwise-intelligent people who
write the programs we use every day are guilty of that and worse
crimes, though.
I much, much, much prefer being able to right-click on something and
hit "Properties." I also like being able to press F1 when the mouse
is over a confusing field and get an explanation of it. (The
explanation often isn't a help, and I expect that would carry over to
Linux, but at least there's no flipping around between screens.)
Please excuse the rant. But Linux has been a pain in the ass to
configure since I started using it in the early 90's, and it's
improved not at all since then.
> This is the problem though, they don't care enough to create
> programs to help newbies install and use linux and so linux is being
> held back.
I care enough. I'm just no good at GUI programming.
> I don't see linux taking off any time soon either but the more help
> it gets, the more popular it will be.
I don't think we should squander this opportunity. The reason I get
so locquatious when it comes to Linux is that I really like some parts
of it, and really hate others. Same thing for Windows, but the really
funny part is that the two are, for me, almost perfectly complementary.
I see an opportunity for us to improve Linux so that it can be like it
is now, or like Windows, or like anything at all, and change between
the two with only about five minutes' effort.
It's just that there's such a huge opportunity here, and it seems like
so few people are willing to take advantage of it. Myself included,
but I, unfortunately, don't have a separate computer available to do
Linux development. (Is there a Linux for SGI boxes yet?)
There I go, ranting again. Please excuse this one too.
--
Eric P. McCoy ([EMAIL PROTECTED])
non-combatant, n. A dead Quaker.
- Ambrose Bierce, _The Devil's Dictionary_
------------------------------
From: [EMAIL PROTECTED] (Steve)
Subject: Re: another netscape question... nameservice?
Reply-To: [EMAIL PROTECTED]
Date: 17 May 2000 22:12:46 GMT
On 13 May 2000 15:34:00 -0500, Dave Brown wrote:
>I'm running a caching nameserver on an old Slackware partition.
>If I'm not connect to internet when I invoke netscape to read
>a local document, I apparently insists on accessing home.netscape.com,
>or whatever, and goes for nameservice. This, even though my startup
>page is a blank, and I've set the Home Page in "Preferences" to
>a local blank html document. Needless to say, it seems to take forever
>to timeout the DNS request. If I kill the local caching nameserver,
>netscape will almost immediately give a popup saying it can't find
>those netscape addresses. (Which is also annoying). On RedHAT,
>netscape seems to ignore the whole thing and put up RedHat's local
>html doc.
>
>How to get netscape to "not do a DNS" when it doesn't have to?
For me that problem went away when I installed apache, but that's a bit
of overkill just to get rid of a popup window. There must be a better
solution than running a webserver, but I don't know of one.
--
Cheers
Steve email mailto:[EMAIL PROTECTED]
%HAV-A-NICEDAY Error not enough coffee 0 pps.
web http://www.ndirect.co.uk/~sjlen/
or http://start.at/zero-pps
4:03pm up 8 min, 3 users, load average: 1.20, 1.03, 0.52
------------------------------
Crossposted-To:
comp.os.linux,comp.os.linux.development,comp.os.linux.development.apps,comp.os.linux.development.system,comp.os.linux.setup,comp.os.linux.advocacy
Subject: Re: Need ideas for university funded project for linux
From: [EMAIL PROTECTED]
Date: Wed, 17 May 2000 21:14:27 GMT
[EMAIL PROTECTED] (eyez) writes:
> quoting <[EMAIL PROTECTED]>:
> >Mongoose <[EMAIL PROTECTED]> writes:
> >In order to beat Windows, client-side, we need:
> >1. A GUI interface to *all* configuration files;
> Ugh. that's why i LEFT windows.
I'm not saying that you should *have* to go through the GUI, just that
you can if you want to.
I concur, though, that for some applications (recovery and
auto-configs/-installs, to name two) it's a really bad idea. And it's
a trap that Windows has never managed to get out of. (It's why the
"Windows Resource Kit" includes a bunch of UNIX utilities.)
> maybe the whole world SHOULDN'T run linux. It's not a system that's
> made to be like windows.
Perhaps it wasn't made to have a GUI (and I'm not saying "Windows," I'm
saying "a GUI"), but it's certainly become a part of it over time.
--
Eric P. McCoy ([EMAIL PROTECTED])
non-combatant, n. A dead Quaker.
- Ambrose Bierce, _The Devil's Dictionary_
------------------------------
From: [EMAIL PROTECTED] (Ben Walker)
Subject: Re: Rack-mounting machines
Date: 17 May 2000 14:55:49 -0600
We have bought quite a few rackmount chasses from Siliconrax,
http://www.siliconrax.com
They have a large selection, you should be able to find what you need.
In article <[EMAIL PROTECTED]>,
John Ioannidis <[EMAIL PROTECTED]> wrote:
>What's the current wisdom on good-quality rack-mounted enclosures for
>ATX motherboards? The place I had gotten my last batch a couple of
>years ago is no longer in business. My main requirements are:
>
>* high-quality power supply
>* lots of ventilation
>* at least three external bays for disk drives
>
>Any hints?
>
>Thanks
>
>/ji
>
>--
> /\ ASCII ribbon | John Ioannidis * Secure Systems Research
> Department
> \/ campaign | AT&T Labs - Research * Florham Park, NJ 07932
> /\ against | "Intellectuals trying to out-intellectual
>/ \ HTML email. | other intellectuals" (Fritz the Cat)
------------------------------
From: "Rick" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Cannot enter yast2 using SuSE 6.4 (and the right password) ?
Date: Wed, 17 May 2000 23:13:34 +0200
TomG <[EMAIL PROTECTED]> schreef in berichtnieuws
[EMAIL PROTECTED]
>
> Aron Felix Gurski wrote:
> >
> > Rick wrote:
> > > I have installed suse 6.4 without any poblems. During installation i
> had to
> > > fill in a loginname and 2 passwords. One password as a user and one
> password
> > > as a administartor
> > > 1) I cannot loggin as a system administrator (ROOT) using ofcourse the
> right
> > > password.
> > > 2) I can loggin as a user but i cannot enter yast2...(using the right
> > > password as a administrator)
> > >
> > > When i want to enter yast and i type my (administartor) password...no
> > > characters (******) appaer on the screen, instead yast shuts down
> wtithout a
> > > warning.
> > >
> > > What is wrong ?
> >
> > It sounds like you are typing in the wrong password for root. Are you
> sure that
> > you typed it correctly during the installation of the system? Are you
> taking
> > into account that there is a difference between upper and lower case
> letters in
> > passwords?
> >
> > --
> > -- Aron
> >
> > NB: To reply by e-mail, remove "spam-block." from my address.
> > - - - - - - - - - - -
> > Eagles soar but a weasel will never get sucked into a jet engine.
>
> I'd just like to add to this that Linux doesn't show characters for
> passwords. Otherwise, I entirely agree with Aron.
No Characters when I fill in the "root password" for YAST...that means no
******** or any other character (or number) like RRPP7361 or what so ever
!!!!
Rick
>
> TomG
>
>
> --
> Posted via CNET Help.com
> http://www.help.com/
------------------------------
From: Alexander K <[EMAIL PROTECTED]>
Subject: Re: add a second root-account
Date: Wed, 17 May 2000 21:08:42 GMT
sure, if i feel there is something i want to learn from that... why not?
only thing that can get killed is data.
i am doing this on MY computer. not asking anyone else to try it for me.
actually that would defeat the purpose:)
and no. not random programs. just the ones i want, if i want:)
just cause you find it meaningless doesnt mean i do.
to me, no knowledge is pointless.
next time someone has a problem with a closely related issue perheps
i'll be able to give some advice (while you'll be be nagging about "oh
what was the point with this or that"?):).
In article <[EMAIL PROTECTED]>,
Harlan Grove <[EMAIL PROTECTED]> wrote:
> Adventure in the sense of handing a loaded gun to a
> chimpanzee and waiting around until he figures out how to
> use it? Adventure in the sense of running random programs
> with /etc/passwd as a command line argument?
--
.
.
... ak42 at kurir dot net ...
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Wed, 17 May 2000 14:16:27 -0700
From: David Koski <[EMAIL PROTECTED]>
Subject: cpio errors doing SCSI tape backup
When backing up an RH-5.2 system with about 2.5 gigs to an h-p SureStore
T20 I am getting errors on seemingly random files preventing a complete
backup. The last line out to stderr reads:
cpio: cannot read checksum for <the file name goes here>: Input/output
error
The cpio version:
# cpio --version
GNU cpio version 2.4.2
Any suggestions?
David Koski
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.powerpc,alt.os.linux.mandrake
Subject: Re: WYSIWYG web page generator
Date: Wed, 17 May 2000 16:23:26 -0500
In article <[EMAIL PROTECTED]>,
Mark Wilden <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>> The web is hyperTEXT (HTML = "HyperText Markup Language").
> Then why does HyperTEXT Markup Language contain an <img> tag?
Why on the <img> tag is the alt attribute required?
> Given the preponderance of sites with graphics over sites with no
> graphics,
Would you like some fire with your straw man?
--
__ _____________ __
\ \_\ \__ __/ /_/ / <[EMAIL PROTECTED]> ___
\ __ \ | | / __ /----------------------------------------------------\-\|/-/
\_\ \_\|_|/_/ /_/ <http://www.war-of-the-worlds.org/>
------------------------------
From: Mongoose <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux,comp.os.linux.development,comp.os.linux.development.apps,comp.os.linux.development.system,comp.os.linux.setup,comp.os.linux.advocacy
Subject: Re: Need ideas for university funded project for linux
Reply-To: [EMAIL PROTECTED]
Date: Wed, 17 May 2000 21:32:09 GMT
On Wed, 17 May 2000 21:10:43 GMT, [EMAIL PROTECTED] wrote:
>> >3. A GUI package installation mechanism that's as easy to use as
>> > InstallShield (trivial if we get a file manager for GNOME or KDE); and
>
>> Maybe, theres a few out there but no one uses them except commercial
>> companies. Most programs use the standard configure; make; make
>> install line
>
>Yeah. And that's a serious problem. Do you realize how fucking
>annoying it is to have to install 150MB of source, dedicate 1.5 hours
>to configuring and building, and then find out that there's some God
>forsaken shared library I need to install before it will work? Not
>that I have gone through this several times with XEmacs on RedHat
>boxes, or anything.
Well you could just download a binary that has all the libraries it
needs statically compiled into it. The problem here is that if a new
version of the library comes out your screwed because your stuck with
the library thats compiled in the binary. So if your compiled to Mesa
and a new version of Mesa comes out thats twice as fast as the
original, you could install it and upgrade your game or whatever uses
it if you dynamically link to the library.
>> It seems that there are alot of linux programs out there that do
>> these things people need, its just that its hard to find them all.
>
>Yeah. Because there are 573,283 Linux packages, 572,911 of which do
>exactly the same thing, and 290 of which are cutesy man pages.
>
>We need some Machiavellian masochist to sift through all the packages
>for Linux, pick the best ones, and throw out the rest. I think
>anything that hasn't been changed for 5 years should go; we might have
>to make an exception for e2fsck, but as a rule, it would probably
>eliminate half the packages.
Ya this is true, freshmeat needs some better organization, or a
voting system. Since everyone can make applications for free, that
leads to so much crap being made.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Address book crashes Netscape with bus error
Date: Wed, 17 May 2000 21:35:47 GMT
In article <[EMAIL PROTECTED]>,
Michael Hofmann <[EMAIL PROTECTED]> wrote:
> Carter Brey wrote:
> >
> > Hello--
> >
> > Am running NS 4.72, RH 6.2. Every time I try to access
> >
> > the address book, NS crashes with a "bus error"
> >
> > message. Any suggestions? Thanks in advance.
>
> I used to have a corrupted address book that crashed my NS4.61. The
only
> way to solve this seemed to be deleting the abook and restoring from a
> backup.
Close but no cigar...
I've got almost the same problem. I create a brand new address book
from scratch, and while NS no longer crashes, it can't retrieve any
information from the entries I've created.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Ron Gibson)
Crossposted-To: alt.os.linux.mandrake,comp.os.linux.powerpc
Subject: Re: WYSIWYG web page generator
Date: 17 May 2000 21:58:19 GMT
John Wingate <[EMAIL PROTECTED]> stated with conviction:
> Where I used to work, our secretary demanded, and got, a Sun workstation[1]
> hooked to our network so she could use TeX for papers and reports, and
> interact easily with the technical staff. She became quite proficient.
> [1] A Sun 3/50 (this was in the late eighties).
Tales of other strange secretaries :)
In our engineering department at my old University, back about 1994 I
was in the office and the secretary was pounding out very complex
equations on her PC. She said she has to do all the typing for papers
the profs write. If you've ever tried to do complex mathematical
expressions you know how difficult that is and I was just started using
Word 6 and was really impressed with the equation editor.
What she was doing made my work look like child's play. I asked what
kind of "special" software she was using...
"WordPerfect 5.1/DOS"
Email: [EMAIL PROTECTED]
ICQ: 56576008
Home Page: http://home.netcom.com/~rgibson/index.htm
�
------------------------------
From: [EMAIL PROTECTED] (Leslie Mikesell)
Crossposted-To:
comp.os.linux,comp.os.linux.development,comp.os.linux.development.apps,comp.os.linux.development.system,comp.os.linux.setup,comp.os.linux.advocacy
Subject: Re: Need ideas for university funded project for linux
Date: 17 May 2000 16:57:07 -0500
In article <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>Mongoose <[EMAIL PROTECTED]> writes:
>> Staroffice which is basically a clone of MSoffice, and Corel Office
>> Suite. Both very good office suites for linux.
>
>I've used StarOffice (not Corel Office), and it's not roughly as
>functional as Office.
Is there something specific that you couldn't do with it?
>> >3. A GUI package installation mechanism that's as easy to use as
>> > InstallShield (trivial if we get a file manager for GNOME or KDE); and
>
>> Maybe, theres a few out there but no one uses them except commercial
>> companies. Most programs use the standard configure; make; make
>> install line
>
>Yeah. And that's a serious problem. Do you realize how fucking
>annoying it is to have to install 150MB of source, dedicate 1.5 hours
>to configuring and building, and then find out that there's some God
>forsaken shared library I need to install before it will work? Not
>that I have gone through this several times with XEmacs on RedHat
>boxes, or anything.
Odd, I've got an xemacs from the default install...
>I want to click on a damn button and have the program install. I want
>the option to do it by hand if I have to, but installing anything on
>Linux is a nightmare if you have to build it from the source. Note
>also that "make install" will occasionally break, depending on your
>distribution. And they all seem to be going in tangential directions
>on this one.
Have you found something you wanted where you couldn't find a
recent source rpm already tuned for your base installation
that you could tweak and rebuild with a couple of rpm commands?
>
>There's just no excuse for not having an adequate installer. We have
>two excellent package-management tools, dpkg (and apt) and rpm. All
>we have to do is put a shiny new GUI front-end on them.
What is wrong with clicking on an rpm file with the kde
file manager/browser? It will automatically start kpackage
so you can click the install button. Toss in the powertools
CD and go wild.
>Not that I am bitter.
Have you been doing it the hard way?
>> It seems that there are alot of linux programs out there that do
>> these things people need, its just that its hard to find them all.
>
>Yeah. Because there are 573,283 Linux packages, 572,911 of which do
>exactly the same thing, and 290 of which are cutesy man pages.
>
>We need some Machiavellian masochist to sift through all the packages
>for Linux, pick the best ones, and throw out the rest. I think
>anything that hasn't been changed for 5 years should go; we might have
>to make an exception for e2fsck, but as a rule, it would probably
>eliminate half the packages.
If it is free and useful you'll probably find it in either the
RedHat or Mandrake base RPMs or on the powertools CD. Or
the VALinux variation - all pretty much binary-rpm compatible.
>I much, much, much prefer being able to right-click on something and
>hit "Properties." I also like being able to press F1 when the mouse
>is over a confusing field and get an explanation of it. (The
>explanation often isn't a help, and I expect that would carry over to
>Linux, but at least there's no flipping around between screens.)
So what is the problem with doing this in the KDE desktop?
>Please excuse the rant. But Linux has been a pain in the ass to
>configure since I started using it in the early 90's, and it's
>improved not at all since then.
Huh? A recent Mandrake/RedHat does most of what you say
is missing right out of the box.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: Scott Bishop <[EMAIL PROTECTED]>
Subject: Re: add a second root-account
Date: Wed, 17 May 2000 17:00:43 -0500
Alexander K wrote:
>
> sure, if i feel there is something i want to learn from that... why not?
> only thing that can get killed is data.
> i am doing this on MY computer. not asking anyone else to try it for me.
> actually that would defeat the purpose:)
Actually, at best nothing would happen at all. At worst you'd be
causing a major hassle that you could have done without. There's no
benefit to this.
> just cause you find it meaningless doesnt mean i do.
> to me, no knowledge is pointless.
People here have been giving you knowledge until the sun goes down. The
knowledge they've been giving you has been to not try it. I did once.
I eventually ended up wiping out the second root account, because it
served no useful function. Any FUBAR I would make to the root account
could be undone via boot/root disks, and I wouldn't have to deal with
the second root account. It's just one more account to have to keep
track of.
> next time someone has a problem with a closely related issue perheps
> i'll be able to give some advice (while you'll be be nagging about "oh
> what was the point with this or that"?):).
They've already given the proper advice in these situations:
A) Use sudo.
B) Use emergency boot/root disks (which any smart sysadmin should have
anyway).
C) If you MUST give someone else access to a uid 0 account, give them
the root password. You're pretty much doing it anyway by giving them
their own uid 0 account.
You should learn good sysadmining habits now. Personally, I'm not paid
to have a sense of adventure. I'm paid to maintain a stable network.
Learning good sysadmining habits will only benefit you, while bad ones
will only cause you problems down the road.
Just my $.02...
--
--Scott Bishop
WALKER BOLT Manufacturing Co.
(Notice: The opinions stated in this message are not necessarily those
of my employer, nor of any other sane individual for that matter.)
------------------------------
From: [EMAIL PROTECTED] (brian moore)
Subject: Re: Running program under root ID
Date: 17 May 2000 22:07:51 GMT
On 17 May 2000 16:58:43 -0500,
Paul Kimoto <[EMAIL PROTECTED]> wrote:
>
> It is too hard to write secure setuid shell scripts. Accordingly, Linux
> ignores the setuid bit on scripts.
Not true.
Linux ignores the setuid bit, because the current method of invoking a
script allows for a race condition. This has been solved on other Unix
systems (like, say, Solaris) by invoking the interpreter and passing it
an open file handle to the script instead of the name of it, breaking
the race condition.
>From the perlsec man page:
Beyond the obvious problems that stem from giving special
privileges to systems as flexible as scripts, on many
versions of Unix, set-id scripts are inherently insecure
right from the start. The problem is a race condition in
the kernel. Between the time the kernel opens the file to
see which interpreter to run and when the (now-set-id)
interpreter turns around and reopens the file to interpret
it, the file in question may have changed, especially if
you have symbolic links on your system.
hint: symbolic links and an suid script make it trivial to run any
program as the owner of the suid script on such systems, of which Linkux
is one. Set up a symlink like foo->/sbin/rootly, where rootly is
an suid script. Then run 'foo'... if you're quick and can point foo at
myrootshell between the time the kernel decides to run perl (or sh or
any other #!'ist script), myrootshell will run as root... even though
it's not suid.
--
Brian Moore | Of course vi is God's editor.
Sysadmin, C/Perl Hacker | If He used Emacs, He'd still be waiting
Usenet Vandal | for it to load on the seventh day.
Netscum, Bane of Elves.
------------------------------
From: Harlan Grove <[EMAIL PROTECTED]>
Subject: Re: add a second root-account
Date: Wed, 17 May 2000 14:55:39 -0700
In article <[EMAIL PROTECTED]>, Floyd Davidson
<[EMAIL PROTECTED]> wrote:
<snip>
>It will not accomplish what you think it will. When the
>system uses /etc/passwd it does not go looking for "root"
>except when you login. . . .
To be fair, I think he realizes that. He wants a second
root _login_ account, one that will give a different HOME
and USER values, with HOME pointing somethere other
than /root. At least he's been given answers to why \u in
his shell prompt shows root rather than root2.
However, he seems to prefer a second UID = GID = 0 account
rather than something like
su -p -c /usr/local/sbin/fix-up-script
to fix self-inflicted problems. The unanswered question is
why he's doing anything that's trashing /root that couldn't
be tested with a normal user account doing the same thing
to it's HOME directory.
* Sent from AltaVista http://www.altavista.com Where you can also find related Web
Pages, Images, Audios, Videos, News, and Shopping. Smart is Beautiful
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
