[EUG-LUG:939] Re: Demo Linux -security
On Wed, May 09, 2001 at 07:01:52PM -0700, Timothy Bolz wrote:

> I have a question about Demo Linux, and possibly could be used for other distros. If Demo Linux is run from CD, it almost makes it hack proof is what I'm thinking. Sure, everything that is memory and mounted file systems would be hackable. But let's say you have a cron job run a diagnostics on memory and file structure. Since Demo Linux is run from a CD I believe it would be read-only. So if I got a distro to where I like it I could burn it on a CD and it would be read-only.

You don't need to burn a CD to have a nonwritable filesystem. You can mount most filesystems read only, and some disks and BIOSes can block writing.

To switch from writable to read only in Linux:

# mount -r -o remount /mount/point

to go back:

# mount -w -o remount /mount/point

rw to ro in OpenBSD:

# mount -r -u /mount/point

and back:

# mount -w -u /mount/point

Just make sure you don't make /var and /tmp read only :)

[EMAIL PROTECTED]
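An added example, not part of the original message: after remounting, a check like the following confirms which filesystems are really read-only and flags /var or /tmp if they ended up read-only too. It parses text in /proc/mounts format; the sample table, the function names and the list of paths expected to be read-only are all assumptions made for the example.

```python
import re

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 ro 0 0
/dev/hda5 /usr ext2 rw 0 0
/dev/hda7 /tmp ext2 rw,nosuid 0 0
/dev/hdc /mnt/demo\\040cd iso9660 ro 0 0
"""

MUST_BE_WRITABLE = ("/tmp", "/var")       # per the advice in the message above


def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return {mount_point: 'ro' or 'rw'}; a later line for the same point wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue                      # blank or malformed line
        mounts[_unescape(fields[1])] = "ro" if "ro" in fields[3].split(",") else "rw"
    return mounts


def state_of(mounts, path):
    """State of the filesystem holding `path`: the longest mount point that prefixes it."""
    covering = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return mounts[max(covering, key=len)] if covering else "not mounted"


def audit(text, expect_read_only):
    """Findings: paths that should be read-only but are not, and ro paths that must be rw."""
    mounts = parse_mounts(text)
    findings = []
    for path in sorted(expect_read_only):
        if state_of(mounts, path) != "ro":
            findings.append(f"{path}: expected read-only, found {state_of(mounts, path)}")
    for path in MUST_BE_WRITABLE:
        if state_of(mounts, path) == "ro":
            findings.append(f"{path}: read-only, but it needs to stay writable")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MOUNTS, {"/", "/usr"})))
```

In the sample, /var has no mount of its own, so it inherits the read-only state of / and is reported.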
[EUG-LUG:940] Re: python or perl or $yfsl?
On Wed, May 09, 2001 at 06:06:33AM -0700, larry a price wrote:

> On Tue, 8 May 2001, Jacob Meuser wrote:
>
> > One other thing to note - perl is standard on almost every Unix-like OS. Python is not, at least not yet.
>
> It's standard with redhat and its relatives (it's behind that nice graphical install). It's also the implementation behind esr's latest project CML2, which is a build-time configurator for the linux kernel.
>
> > I would venture to say that mod_perl is in wider use than mod_python, if you're looking for web usage.
>
> There's also Zope, which is an application server written in python and provides its own webserver and object persistence framework. Zope is sort of the cadillac of web programming environments, very nice but rather big and demanding of resources.
>
> > Does the concept of tainted data exist in python? Haven't looked into it thoroughly yet. Are there any built in security features in python?
>
> What do you mean by tainted data? I've heard the term before, but it was in Javascript context. There is a standard library module rexec which provides a restricted execution environment for executing untrusted code. As well as the standard regular expressions available for filtering out nasties from cgi input. Otherwise, it's up to you (doesn't matter what language).

True, the security of code first comes from the coder. But it doesn't hurt to have some kind of backing for any code, no matter how secure it may seem.

Tainted data in perl is basically anything that comes into your program from outside sources, be it a database, user input, data from a file, whatever. In taint mode, tainted data (at least theoretically) cannot be used to affect anything else outside the program. Perl goes into taint mode automatically when it notices that real and effective UIDs and GIDs are out of sync. You can also enable taint mode with the -T flag. This is highly recommended for CGI scripts.

[EMAIL PROTECTED]

> --larry
[EUG-LUG:941] Re: python or perl or $yfsl?
On Thu, 10 May 2001, Jacob Meuser wrote:

--snip--

> True, the security of code first comes from the coder. But it doesn't hurt to have some kind backing for any code, no matter how secure it may seem.
>
> Tainted data in perl is basically anything that comes into your program from outside sources, be it a database, user input, data from a file, whatever. In taint mode, tainted data (at least theoretically) cannot be used to affect anything else outside the program. Perl goes into taint mode automatically when it notices that real and effective UIDs and GIDs are out of sync. You can also enable taint mode with the -T flag. This is highly recommended for CGI scripts.

This may just be a difference in outlook, but it sounds like the kind of under-the-covers-magic that makes perl so difficult for the outsider.

Yes, python won't stop you from doing something like

os.chdir(some_user_supplied_variable)
os.execv(user_supplied_path,user_supplied_env_dict)

but you're unlikely to do so by accident. Which does occasionally seem like it might be possible in perl ;-)

Of course we all know that perl and python will eventually give way to something better: http://www.oreilly.com/parrot
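An added example, not code from the thread: Python has no built-in taint mode, but the idea discussed above can be approximated by keeping outside input in a wrapper type that calls such as os.chdir reject, and releasing a plain string only through a whole-value pattern match (comparable to untainting through a regex capture in Perl). `Tainted`, `untaint` and `safe_chdir` are hypothetical names chosen for this example.

```python
import os
import re


class Tainted:
    """Holds a value from outside the program; deliberately not a str or os.PathLike."""
    __slots__ = ("_raw",)

    def __init__(self, raw):
        self._raw = str(raw)

    def __add__(self, other):             # taint propagates through concatenation
        return Tainted(self._raw + _raw_of(other))

    def __radd__(self, other):
        return Tainted(_raw_of(other) + self._raw)

    def __repr__(self):                   # keep the raw value out of logs and tracebacks
        return "<Tainted>"

    def untaint(self, pattern):
        """Return a plain str only if the whole value matches `pattern`."""
        if re.fullmatch(pattern, self._raw) is None:
            raise ValueError("tainted value rejected by pattern")
        return self._raw


def _raw_of(value):
    return value._raw if isinstance(value, Tainted) else str(value)


def safe_chdir(base, name):
    """Sink wrapper: accepts only a Tainted name holding one simple path component."""
    if not isinstance(name, Tainted):
        raise TypeError("name must arrive wrapped as Tainted")
    # No '/', no leading '.', at most 64 characters: '..' and absolute paths fail here.
    component = name.untaint(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")
    target = os.path.join(base, component)
    os.chdir(target)
    return target


if __name__ == "__main__":
    user_input = Tainted("../../etc")     # constructed stand-in for CGI input
    try:
        os.chdir(user_input)              # TypeError: not a str or path-like object
    except TypeError as exc:
        print("raw sink refused:", exc)
    try:
        safe_chdir("/srv/site", user_input)
    except ValueError as exc:
        print("wrapper refused:", exc)
```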
[EUG-LUG:942] Re: Demo Linux -security
This may be good for running a firewall or a webserver from, although kbob's point is very good. Difficult to patch when exploits are found.

However, cracking a firewall or a webserver is rarely the goal (for larger companies, and for really serious crackers). The real goal is that database full of customer credit cards behind the webserver and the firewall. The firewall and webserver are merely the portals into your network. They are gateways into the pot of gold inside. That's one of the key things we are trying to protect: information. A website defacement is not really a big deal, although it is bad for PR.

Other goals may be to crack your system in order to use it as a spam gateway for a few hours, or to install DDoS tools to make your system part of a larger attack. Or your system may just be a gateway for an attacker to crack into government or international systems. This is where you need the firewall logs (difficult to log onto a non-writeable system), and a patchable system.

Cory

On Wed, May 09, 2001 at 07:01:52PM -0700, Timothy Bolz wrote:

> I have a question about Demo Linux, and possibly could be used for other distros. If Demo Linux is run from CD, it almost makes it hack proof is what I'm thinking. Sure, everything that is memory and mounted file systems would be hackable. But let's say you have a cron job run a diagnostics on memory and file structure. Since Demo Linux is run from a CD I believe it would be read-only. So if I got a distro to where I like it I could burn it on a CD and it would be read-only. I was talking to Larry about this and he said put it out on the list. Because what I was thinking you could have a cron job check most everything. Is this possible? So if you had a website that was going to remain static and it was read only no one could deface it. I know it would be slow as CD. What's your thoughts?
>
> Tim
[EUG-LUG:943] Re: The Open Source Community responds to Craig Mundie's Speech
On 10 May 2001, at 0:06, Randolph Fritz wrote: On Wed, May 09, 2001 at 08:45:20PM -0700, Dexter Graphic wrote: Here's another one: Ransom Love, CEO of Caldera Systems, agrees with Mundie that the GPL doesn't make much business sense. Ransom Love just canned Nicholas Petreley. I wonder if he'll have anything to say about this comment in his InfoWorld column next week? Cheers, Dennis Custard pies are a sort of esperanto: a universal language. --Noel Godin
[EUG-LUG:945] I think i fixed my xmms issue :)
Hey... I was having a heck of a time with xmms locking up... It turns out I have 2 output plugin options, since I'm using enlightenment, I changed it from the oss driver to the esd driver... now it hasn't locked up yet, and it's played for over an hour! *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Hark, the Herald Tribune sings, Advertising wondrous things. -- Tom Leher Generated by /usr/games/fortune Jamie Chamoulos Internet.Now! [EMAIL PROTECTED] http://www.efn.org/~jamie *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
[EUG-LUG:947] Country Fair
We need to start compiling the stuff we want to hand out at the country fair... Do we want to do a new flyer or anything.. We probably have about 1/2 gazillion of those little ones from last year... do we have any recent distros to hand out? GNU/Opensource materials? Jamie
[EUG-LUG:949] imwheel....
I have been trying to use imwheel, (well... mandrake is trying I guess...), I had too much trouble with it under 7.2, but 8.0 was using it fine, however it's locked up my machine 3 times this week... I was wondering if anyone else using imwheel with a generic wheel mouse might have figured out a similar issue? Jamie
[EUG-LUG:951] Performance Monitors (was: KDE question (SOLVED!))
Jamie wrote: I just tried gkrellm today... Its pretty cool... Its certainly nicer than xosview, and more comprehensive than a bunch of epplets... ( although I like the epplets, they are cool... Now if you want a classy performance meter, there's nothing better than the Moaning Goat Meter. To quote the web page: MGM, the Moaning Goat Meter, is the ultimate sixty-ton cast iron lawn ornament for the desktops of today's hacker set: A gorgeous, highly configurable load and status meter written entirely in Perl. Serious pink-flamingo territory. For evil geniuses only. Available at http://www.xiph.org/mgm/ , it was written by Chris Montgomery, the hacker who brings you the Ogg Vorbis audio file format. -- Bob Miller Kbob kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED]
[EUG-LUG:952] Re: Country Fair
On Thu, May 10, 2001 at 01:43:44PM -0700, Jamie wrote: We need to start compiling the stuff we want to hand out at the country fair... Do we want to do a new flyer or anything.. We probably have about 1/2 gazillion of those little ones from last year... do we have any recent distros to hand out? GNU/Opensource materials? I recall we were talking about tshirts for this year; maybe Tux on the front with a tie-dyed belly, and the peace-love-linux logo on the back, or perhaps the quote about there are two main exports of Berkeley; UNIX and LSD. We don't think this is a coincidence. Does anyone know a tshirt vendor? -- Christos anesti ek nekron Thanato thanaton patisas; Kai tis en tis mnimasi Zoin charisamenos!
[EUG-LUG:953] Re: imwheel....
I suppose it could be... Ironically the mouse moves around, but clicking and scrolling fail, and the system gets really busy... (so busy it takes minutes for xdaliclock to update the time on the screen ) I did a: ps aux |grep gpm and it only displayed my grep... so I'm guessing gpm isn't running... Jamie On Thursday 10 May 2001 02:23 pm, you wrote: Mine works fine even using Mandrake 7.2... Are you sure not a gpm conflict? At 01:58 PM 5/10/2001 -0700, Jamie [EMAIL PROTECTED] wrote: I have been trying to use imwheel, (well... mandrake is trying I guess...), I had too much trouble with it under 7.2, but 8.0 was using it fine, however it's locked up my machine 3 times this week... I was wondering if anyone else using imwheel with a generic wheel mouse might have figured out a similar issue? Jamie
[EUG-LUG:954] Re: imwheel....
Damnit just did it again! On Thursday 10 May 2001 02:59 pm, you wrote: I suppose it could be... Ironically the mouse moves around, but clicking and scrolling fail, and the system gets really busy... (so busy it takes minutes for xdaliclock to update the time on the screen ) I did a: ps aux |grep gpm and it only displayed my grep... so I'm guessing gpm isn't running... Jamie On Thursday 10 May 2001 02:23 pm, you wrote: Mine works fine even using Mandrake 7.2... Are you sure not a gpm conflict? At 01:58 PM 5/10/2001 -0700, Jamie [EMAIL PROTECTED] wrote: I have been trying to use imwheel, (well... mandrake is trying I guess...), I had too much trouble with it under 7.2, but 8.0 was using it fine, however it's locked up my machine 3 times this week... I was wondering if anyone else using imwheel with a generic wheel mouse might have figured out a similar issue? Jamie
[EUG-LUG:955] Macromedia flash player
Darn these graphic heavy sites, complicating life. I recently followed these instructions. At least the download, that part was easy. The next part not so. Unpackage the file. From where? I downloaded it into the user directory I was in, home/prime/ etc. Now what, go into console and run these commands? Does this work? File under look before you leap.

Thanks, Lindsay
16.09 PDT Thursday 10 May 2001 @97478

Below is all copied from Flash site. (sorry)

With Macromedia Flash Player, you can view the best animation and entertainment on the Web. Click the button to begin installation.

Download Time Estimate: 2 minutes @ 56K modem
Version: 5.0r47
Platform: Linux
Browser: Netscape or Netscape-compatible
File size: 561 K
Date Posted: 1/29/2001
Language: English

Read the End User License Agreement
Need a different player?

1. Click the Download Now button. A dialog box will appear asking you where to save the Installer.
2. Save the Installer to your desktop and wait for the file to download completely.
3. Unpackage the file.
4. Copy the Macromedia Flash Player (libflashplayer.so) into the Netscape plug-in directory.
   cp $HOME/flash_linux/libflashplayer.so /usr/lib/netscape/plugins
5. Copy the Macromedia Flash Player Java class file (ShockwaveFlash.class) into the Netscape plug-in directory.
   cp $HOME/flash_linux/ShockwaveFlash.class /usr/lib/netscape/plugins
6. Launch Netscape.

Find answers about Macromedia Flash Player privacy, licensing, developing Flash content, and more in our list of Frequently Asked Questions (FAQ).

©1995-2001 Macromedia, Inc. All rights reserved. Privacy policy | Contact us | Feedback