Re: When will kernel-image-2.4.23 be available ?
Alvin Oga <[EMAIL PROTECTED]> writes: > > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/[EMAIL PROTECTED] > > i see other code fragments that has a similar PAGE_ALIGN() problem > > - sounds like the macro needs to be cleaned up ? Sorry, this comment was a little too cryptic for me. Could you expand a little bit on it? Do you want to imply in any way that this patch wouldn't be enough to secure the kernel? If so, why? Thanks a lot in advance! Andreas Goesele -- Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est. Augustinus, De doctrina christiana
Re: When will kernel-image-2.4.23 be available ?
Alvin Oga <[EMAIL PROTECTED]> writes: > > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/[EMAIL PROTECTED] > > i see other code fragments that has a similar PAGE_ALIGN() problem > > - sounds like the macro needs to be cleaned up ? Sorry, this comment was a little too cryptic for me. Could you expand a little bit on it? Do you want to imply in any way that this patch wouldn't be enough to secure the kernel? If so, why? Thanks a lot in advance! Andreas Goesele -- Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est. Augustinus, De doctrina christiana -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: extrange passwd behaviour
Hi, >Can't be NIS. NIS will transport any password style faithfully. Of >course the master server must support MD5 passwords if you change your >password and the passwd command sends an MD5 password to the >yppasswordd. I've heard about non-Linux NIS client (for example, solaris8 and SFU - Windows Service for Unix) cannot use MD5 password for NIS. Is it not true? -- Regards, Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
Re: extrange passwd behaviour
Hi, >Can't be NIS. NIS will transport any password style faithfully. Of >course the master server must support MD5 passwords if you change your >password and the passwd command sends an MD5 password to the >yppasswordd. I've heard about non-Linux NIS client (for example, solaris8 and SFU - Windows Service for Unix) cannot use MD5 password for NIS. Is it not true? -- Regards, Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Grsecurity, ssh and postfix
On Fri, 5 Dec 2003 21:45:01 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote: > The privilege separation code invokes chroot(), too. > > Is there a "do not create any new file descriptors" process attribute > in grsecurity? If there is, OpenSSH should toggle instead of calling > chroot() to an empty directory, which is a poor replacement. Hello, Thanks for your explanation but i don't know how to do that with grsecurity. I am looking after this. I have done a chroot environment for ssh to log in for fetch, read and send mails with mutt, procmail, fetchmail and postfix. But i would like to know how i can integrate postfix to this chroot environment. Could you give me some advices about this ? Thanks for your help... Arnaud Fontaine - signature Arnaud Fontaine <[EMAIL PROTECTED]> - http://www.andesi.org/ GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A -- fortune "There are a billion people in China. And I want them to be able to pass notes to each other written in Perl. I want them to be able to write poetry in Perl. That is my vision of the Future. My chosen perspective." -- Larry Wall (Open Sources, 1999 O'Reilly and Associates) pgpJm3VdcXzGW.pgp Description: PGP signature
Re: Grsecurity, ssh and postfix
On Fri, 5 Dec 2003 21:45:01 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote: > The privilege separation code invokes chroot(), too. > > Is there a "do not create any new file descriptors" process attribute > in grsecurity? If there is, OpenSSH should toggle instead of calling > chroot() to an empty directory, which is a poor replacement. Hello, Thanks for your explanation but i don't know how to do that with grsecurity. I am looking after this. I have done a chroot environment for ssh to log in for fetch, read and send mails with mutt, procmail, fetchmail and postfix. But i would like to know how i can integrate postfix to this chroot environment. Could you give me some advices about this ? Thanks for your help... Arnaud Fontaine - signature Arnaud Fontaine <[EMAIL PROTECTED]> - http://www.andesi.org/ GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A -- fortune "There are a billion people in China. And I want them to be able to pass notes to each other written in Perl. I want them to be able to write poetry in Perl. That is my vision of the Future. My chosen perspective." -- Larry Wall (Open Sources, 1999 O'Reilly and Associates) pgp0.pgp Description: PGP signature
Re: extrange passwd behaviour
On Saturday, 2003-12-06 at 17:03:02 +0900, Hideki Yamane wrote: > >i was talking about "i dont know why it is default to use unsecure crypt() > >instead of md5". > >But I can think of something like "compatibility" (to what?) :) > to ...maybe NIS ? > # if the reason why using crypt is NIS compatibility, people >who uses NIS system is not so many, so I think it's better >that defalt value is md5 than crypt. Can't be NIS. NIS will transport any password style faithfully. Of course the master server must support MD5 passwords if you change your password and the passwd command sends an MD5 password to the yppasswordd. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
Re: extrange passwd behaviour
On Friday, 2003-12-05 at 20:39:16 +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > >> Dont know why and for which debian versions it is default, I have some > >> mixed > >> ones. > > Why? Because it uses DES and DES uses 56 bit keys. Eight 7 bit chars > > give you exactly 56 bits... > *lol* > i was talking about "i dont know why it is default to use unsecure crypt() > instead of md5". If you find it funny I misunderstood you ... I don't find it funny I can't reply to you. Mail to your addess bounce. :-P > But I can think of something like "compatibility" (to what?) :) Ever heard about X/Open and their Unix standards? I'd bet they specify this in exceeding detail. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
Re: extrange passwd behaviour
Hi, >i was talking about "i dont know why it is default to use unsecure crypt() >instead of md5". >But I can think of something like "compatibility" (to what?) :) to ...maybe NIS ? # if the reason why using crypt is NIS compatibility, people who uses NIS system is not so many, so I think it's better that defalt value is md5 than crypt. -- Regards, Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
Re: extrange passwd behaviour
On Saturday, 2003-12-06 at 17:03:02 +0900, Hideki Yamane wrote: > >i was talking about "i dont know why it is default to use unsecure crypt() instead > >of md5". > >But I can think of something like "compatibility" (to what?) :) > to ...maybe NIS ? > # if the reason why using crypt is NIS compatibility, people >who uses NIS system is not so many, so I think it's better >that defalt value is md5 than crypt. Can't be NIS. NIS will transport any password style faithfully. Of course the master server must support MD5 passwords if you change your password and the passwd command sends an MD5 password to the yppasswordd. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: extrange passwd behaviour
On Friday, 2003-12-05 at 20:39:16 +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > >> Dont know why and for which debian versions it is default, I have some mixed > >> ones. > > Why? Because it uses DES and DES uses 56 bit keys. Eight 7 bit chars > > give you exactly 56 bits... > *lol* > i was talking about "i dont know why it is default to use unsecure crypt() instead > of md5". If you find it funny I misunderstood you ... I don't find it funny I can't reply to you. Mail to your addess bounce. :-P > But I can think of something like "compatibility" (to what?) :) Ever heard about X/Open and their Unix standards? I'd bet they specify this in exceeding detail. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: extrange passwd behaviour
Hi, >i was talking about "i dont know why it is default to use unsecure crypt() instead of >md5". >But I can think of something like "compatibility" (to what?) :) to ...maybe NIS ? # if the reason why using crypt is NIS compatibility, people who uses NIS system is not so many, so I think it's better that defalt value is md5 than crypt. -- Regards, Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
