Re: red worm amusement
Microsoft Windows is not really bad, if you know how to admin it. However, Microsoft give this on its web site: http://www.microsoft.com/NTWorkstation/downloads/Recommended/Featured/NTZAK. asp Oh my god... Zero Administration ? Luckily, Debian is asking their administrator check for security updates periodiclly.
Re: shared root account
[] yup, which is why nobody gets root but me. if i ever for some reason decided to go back to sysadmin work a criteria for employment would be that no manager, sales guy, or other morons would be permitted access to root for ANY REASON, period, end of story. as for sudo for my own purposes i don't see the point, i don't want my normal account to be a root account nor do i want my user passwd to be a/the root passwd. the logging is nothing more then an annoyance since i know what i run anyway. I agree that sudo is not secure enough. But, if you refer the orginal question, seems sudo is the best sol'n. Security or Finish the task. Which would you choose. -- Ethan Benson http://www.alaska.net/~erbenson/
How to write a secure C program..
I am going to rewrite suexec.c of apache ( to suit my boss's need ). As this program is SUID, I don't want to make any mistake. Besides not passing those arguments to printf( ), what C/C++ function(s) I should take extra care while using? -- Cheng Yuk Pong (SDiZ) 4096/1024 DH/DSS 0xA4C6FAD3 FE28 E6D4 AD21 5D4F F07B EEA6 3C88 5DBB A4C6 FAD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to write a secure C program..
Just as an additional question: Are there any known buffer overflow problem in perl functions? Coz I am writing another program in perl which will, too, run as root and listen to TCP socket with SSL. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
How to write a secure C program..
I am going to rewrite suexec.c of apache ( to suit my boss's need ). As this program is SUID, I don't want to make any mistake. Besides not passing those arguments to printf( ), what C/C++ function(s) I should take extra care while using? -- Cheng Yuk Pong (SDiZ) 4096/1024 DH/DSS 0xA4C6FAD3 FE28 E6D4 AD21 5D4F F07B EEA6 3C88 5DBB A4C6 FAD3
Re: How to write a secure C program..
Just as an additional question: Are there any known buffer overflow problem in perl functions? Coz I am writing another program in perl which will, too, run as root and listen to TCP socket with SSL.
Re: Exploit
Nothing have to be done. It's just a joke. Try it, under that root shell, create some file then ls -l - Original Message - From: Tomasz Olszewski [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Exploit Could you please tell me how I can prevent from following exploit: http://lcamtuf.coredump.cx/soft/ld-expl -- Tomasz Olszewski | [EMAIL PROTECTED] W³a¶ciwe jest ludzkiej naturze, nienawidzi?tego, kogo si? skrzywdzi³o. -- Tacyt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exploit
Nothing have to be done. It's just a joke. Try it, under that root shell, create some file then ls -l - Original Message - From: Tomasz Olszewski [EMAIL PROTECTED] To: debian-security@lists.debian.org Subject: Exploit Could you please tell me how I can prevent from following exploit: http://lcamtuf.coredump.cx/soft/ld-expl -- Tomasz Olszewski | [EMAIL PROTECTED] W豉軼iwe jest ludzkiej naturze, nienawidzi?tego, kogo si? skrzywdzi這. -- Tacyt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]