[SLUG] security problems and next steps
hi guys, if someone finds a security hole in a web application and wants to notifiy the admin of the page, what do you suggest are the next steps wo be taken to ensure that the admin takes the report seriously? i mean, just sending the report without description about further steps (publication after some time, ...) is not really helpful. most of the reports will be ignored or simply forgotten. does someone have a link to a page or can give me some suggestions? cya, gottfried -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
On Tue, Mar 16, 2004 at 10:16:29PM +1100, Gottfried Szing wrote: if someone finds a security hole in a web application and wants to notifiy the admin of the page, what do you suggest are the next steps wo be taken to ensure that the admin takes the report seriously? Inform the admin. Give an *exact* problem report, with a recipe for reproduction. Explain what you believe the ramifications are. You can mention what you intend to do after this (in 14 days I will report this problem to Bugtraq unless you contact me to discuss an extension) but you have to make very sure it doesn't look like a threat or blackmail or anything. Ensure you've provided good contact details for yourself. If it's OSS, create a minimal patch which fixes the problem, and include that. i mean, just sending the report without description about further steps (publication after some time, ...) is not really helpful. most of the reports will be ignored or simply forgotten. Any admin who ignores security-related vulnerabilities needs to be shot. Just find the IP range they're responsible for and null-route it. Much easier in the long run. does someone have a link to a page or can give me some suggestions? I'm sure bugtraq and fulldisclosure would have information on usefully reporting security vulnerabilities, but I couldn't give you exact URLs. - Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
That is a good question, what I think you should do is contact the company in question ask to talk to their IT manger, describe the security problems ask for their email address and their web developers email address to send the security hole to. In the email address describe the security breach and how you found it. If the bug is in an opensource web app post it to the app's bugzilla list to resolve it. ;-) hi guys, if someone finds a security hole in a web application and wants to notifiy the admin of the page, what do you suggest are the next steps wo be taken to ensure that the admin takes the report seriously? i mean, just sending the report without description about further steps (publication after some time, ...) is not really helpful. most of the reports will be ignored or simply forgotten. does someone have a link to a page or can give me some suggestions? cya, gottfried -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
hi slugs if someone finds a security hole in a web application and wants to notifiy the admin of the page, what do you suggest are the next steps wo be taken to ensure that the admin takes the report seriously? Make a phone call if you can. For a start, it's more personable, and the admin on the other end of the line may have an easier time understanding that you're trying to help. Somewhat cynically, you haven't written it down, so it can't be used as evidence against you, and you can more easily control the flow of information about yourself. but i think that hiding all the information from the other side can cause 2 problems: 1. spoken information is never as accurate as written information. i mean that describing in words a problem can lead to missunderstandings (wrong ports, no basic understanding, ...). 2. control of information flow: this is just an illusion, because after calling them, i have lost control. but i agree to the part about no evidence against you. :) after some searching in the web i have found 2 interessting pages at cert. http://www.cert.org/tech_tips/incident_reporting.html - this is about the way, how a report should be constructed, to whom it should go, and much more. http://www.cert.org/kb/vul_disclosure.html is the way how cert handles reports and the most interessting thing (for me) is, that they wait 45 days before disclosure. i will see how long it takes till the admin of the site responds. i have already sent a report to the office address (the only email address listed in the contact page) and they forwarded the report to the admin. thanks, gottfried -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] sed search on outlook export
Hi I'm trying to search and replace some cr and lf characters in a text file (comma separated). I want to substitute the crlf characters (that is carriage return, line feed, double quote.)for cr|lf(that is carriage return, pipe, line feed, double quote) The reason I am trying to do this is that I have a text (csv) file out of Outlook that has carriage return line feeds in the address fields, and this is causing the other fields to become miss aligned when reading into my open office spread sheet. By changing the record separator, I can then go through and change the inconsistencies within the address field, then just change the record separator back to crlf. I have been trying the following sed 's/\x0D\x0A\/\x0D|\x0A\/g' but it does not seem to pick up on the hex chars at all. So nothing is changed. Does anyone know an easier way of doing this? I tried hexedit but could find a global search and replace function. Thanks Pete -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
On Wed, Mar 17, 2004, Gottfried Szing wrote: [quoting someone else]: Make a phone call if you can. For a start, it's more personable, and the admin on the other end of the line may have an easier time understanding that you're trying to help. Somewhat cynically, you haven't written it down, so it can't be used as evidence against you, and you can more easily control the flow of information about yourself. 2. control of information flow: this is just an illusion, because after calling them, i have lost control. Well, you've lost control of information about the breach, but not of information about yourself, which your correspondent seems to be referring to. You don't have to give your name or identifying details over the phone, and you can take some steps to hide your telephone number. -Mary PS Further comments on identity-hiding to slug-chat... thanks. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: If the bug is in an opensource web app post it to the app's bugzilla list to resolve it. ;-) Is this good etiquette in the case of serious security breaches? It potentially alerts the entire web-using world to the existence of the problem. If the fix is difficult or complex, this potentially allows exploits to be developed before fixes, which is what you try and avoid when you're reporting a security problem. I would tend to leave the decision to the developers about whether to post the bug in any publicly accessible place. Of course, the real problem is when the developers are unresponsive. -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
Mary Gardiner wrote: On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: If the bug is in an opensource web app post it to the app's bugzilla list to resolve it. ;-) Is this good etiquette in the case of serious security breaches? It potentially alerts the entire web-using world to the existence of the problem. If the fix is difficult or complex, this potentially allows exploits to be developed before fixes, which is what you try and avoid when you're reporting a security problem. I would tend to leave the decision to the developers about whether to post the bug in any publicly accessible place. Of course, the real problem is when the developers are unresponsive. and this describes the two pages of the cert very well. report the incident and wait a certain time. and if nothing happens or no respond is received, undisclose the bug (via bugtracking tool, bugtraq, ...). but this depends always on the severity of the problem. in any case someone should give the responsible person the time to understand, to analyse and to respond to the problem. and of course the other party should have the time to fix the problem without introducing new problems. cya -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
On Tue, Mar 16, 2004, Gottfried Szing wrote: does someone have a link to a page or can give me some suggestions? The Organisation for Internet Safety (I have never heard of them before, but they seem to have Google juice!) has issued the Guidelines for Security Vulnerability Reporting and Response Process - V1.0. You can get it here: http://oisafety.org/reference/process.pdf [note: it's a 780kb PDF file]. -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
Mary, I don't know about good etiquette, but if the product is open source, you still advise the user there is a bug, and advise them you will be releasing the security problem to the developers web site for them to recitify the problem. The key issue is that both the developers and the client needs to know about the problem. So they both can make an educated decission on their course of action. You would not be blatent enough to say I have checked this hole on microsoft.com who uses version 4.09rc1 of xyz which has sql injections problems. I think you need to use a bit of smarts and just say Version 4.09rc1 of xyz has sql injection issues which results in blah. Then again it depends on your ethics, and how much moral fiber you and the exposed company has. ;-) There was a case 2 years ago about some developer who worked for a web company he found huge gaping security holes in their applications advised the bosses who sacked him, in turn released the security holes to the general public in a bugtraq list. He was taken to court and sued by the company mind you that was in the good ole US of A. I don't know how the court case ended. I hope the ex-employee won. On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: If the bug is in an opensource web app post it to the app's bugzilla list to resolve it. ;-) Is this good etiquette in the case of serious security breaches? It potentially alerts the entire web-using world to the existence of the problem. If the fix is difficult or complex, this potentially allows exploits to be developed before fixes, which is what you try and avoid when you're reporting a security problem. I would tend to leave the decision to the developers about whether to post the bug in any publicly accessible place. Of course, the real problem is when the developers are unresponsive. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] security problems and next steps
On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: I don't know about good etiquette, but if the product is open source, you still advise the user there is a bug, and advise them you will be releasing the security problem to the developers web site for them to recitify the problem. The key issue is that both the developers and the client needs to know about the problem. So they both can make an educated decission on their course of action. I'm not involved in security procedures anywhere, but my understanding is that when advising the clients/users might also risk advising potential attackers (as it would with most open source projects), you need to weigh up the gain of giving users early warning against giving attackers early warning. There's not many cases where you can warn only the 'good' users and not the bad unless you have a very tight relationship with a small customer base. In the case where you actually have a patch that fixes the problem, the users can apply it themselves if the developers don't. However, if your advisory is along the lines of the entire design of your project is riddled with code that assumes $X and $X is incredibly vulnerable then exploits will be developed quickly once the information is known, but fixes slowly. In that case, I would prefer as a user the situation where developers are advised without knowledge and I'm advised when fixes are available, to the alternative where I know straight away, so do attackers, and fixes aren't available for weeks. This all changes if exploits get out of course, and also changes in the case of uncooperative developers. -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Committee Nomination
On Tue, Mar 16, 2004, Chris Deigan wrote: I'd like to nominate Jamie Wilkinson for Treasurer. Added Jamie to http://www.slug.org.au/2004/election.html -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] sed search on outlook export
On Wed, 17 Mar 2004, Peter Tyler wrote: Hi I'm trying to search and replace some cr and lf characters in a text file (comma separated). I want to substitute the crlf characters (that is carriage return, line feed, double quote.)for cr|lf(that is carriage return, pipe, line feed, double quote) The reason I am trying to do this is that I have a text (csv) file out of Outlook that has carriage return line feeds in the address fields, and this is causing the other fields to become miss aligned when reading into my open office spread sheet. By changing the record separator, I can then go through and change the inconsistencies within the address field, then just change the record separator back to crlf. I have been trying the following sed 's/\x0D\x0A\/\x0D|\x0A\/g' but it does not seem to pick up on the hex chars at all. So nothing is changed. Does anyone know an easier way of doing this? I tried hexedit but could find a global search and replace function. Not quite the solution you're after but wouldn't it be a whole lot easier to just load the XLS file into OpenOffice? Apart from that the problem with sed is it's going to see the 0x0A as a new line no matter what (had a quick look for an option to turn this off). Perhaps you can do this:- cat file | tr \n \f | sed -e 's/\r\f\/\r\|\f\/g' | tr \f \n newfile The \f is a form feed and is unlikely to be in the text. -- ---GRiP--- Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver rave music lover, Big kid that refuses to grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] SLUG AGM: Proxy votes, membership fees and committee nominations
This is the second last mail wrt to the AGM, I'll send one last one a few days out next week. --- Proxy votes --- If you want to vote but can't be there on the night, please let the committee know the name of a proxy. If you can't organise a proxy, mail the committee and one of the current committee members will hold your proxy vote. If you do not let the committee know of your proxy appointment, the proxy will NOT be allowed to vote on your behalf. If you're a candidate and can't be there, mail the committee and one of the current committee members will make a statement for you. You will probably also wish to appoint a proxy to hold your vote. PLEASE NOTE: If you can't be there and want to vote, you must make sure that you have joined for 2004-2005. Either send us a cheque (accompanied by your full name, postal address and email address) or send your proxy along with the membership fee (and your full name, postal address and email address). --- Membership fees --- The 2004-2005 membership fee is: - $15 for full-time students, unemployed people and healthcare card holders - $25 for everyone else Membership is until the 2005 AGM. The cost will halve on 26th September 2004 as per the Constitution, since you'll only get six months membership at that point! --- Committee election --- We've got nominations for all positions now, but there are still only eight people total, so plenty of room in the field... Nominations to date: President Jan Schmidt (nominated by Craige McWhirter, seconded by Ben Leslie) Vice President Robert Collins (nominated by Robert Collins, seconded by Jeff Waugh, Bruce Badger) Peter Hardy (nominated by Craige McWhirter, seconded by Ben Leslie) Secretary Jaime Hemmett (nominated by Peter Hardy, seconded by Craige McWhirter) Treasurer Jaime Hemmett (nominated by Jamie Wilkinson, seconded by Jan Schmidt) Sarah Webster (nominated by Jamie Wilkinson, seconded by Jan Schmidt) Jamie Wilkinson (nominated by Chris Deigan, seconded by Peter Hardy) Ordinary committee member (3 positions) Robert Collins (nominated by Robert Collins, seconded by Jeff Waugh, Bruce Badger) Jaime Hemmett (nominated by Peter Hardy, seconded by Jared Wyles) Michael Kortvelyesy (nominated by Michael Kortvelyesy, no second so far) Craige McWhirter (nominated by Craige McWhirter, seconded by Ben Leslie, Robert Collins) Honourary committee member (unofficial position) Chris Deigan (nominated by Jeff Waugh, seconded by Robert Collins) Re acceptances: very few people have formally accepted their nomination. (I'm assuming the people who nominated themself have!) I'll get candidates to confirm on the night -- if you're not there and I didn't get an acceptance from you though, we'll have to assume you didn't accept! See http://www.slug.org.au/2004/election.html for more info. -Mary Gardiner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Reminder: March DebSIG
It's tonight! See you there. -Forwarded Message- From: Craige McWhirter [EMAIL PROTECTED] To: SLUG Announce [EMAIL PROTECTED] Subject: March DebSIG Date: Fri, 12 Mar 2004 13:55:00 +1100 When: Wednesday, March 17, 7:00pm - 8:00pm Where: James Squire Brewery This month, Angus Lees will be dissecting defoma, along with the usual free-form discussions / debates that will precede and follow his talk. Food, drink and internet access are available and people generally start wandering in from 18:30 for a good 'ol chin wag. For more detailed information, maps, RSS feeds and the like, head here: http://debian.slug.org.au/ See you all there! -- Cheers, Craige Let me take you a button-hole lower. -- William Shakespeare, Love's Labour's Lost signature.asc Description: This is a digitally signed message part -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Printer port
Our RH7.2 server printer port died last night, and we've installed another on a PCI card. However, kudzu don't recognise the new system, and running printconf shows no printer devices. How do I get the system to setup the new printer port as an lp device? Edwin Humphries, Ironstone Technology Pty Ltd [EMAIL PROTECTED] www.ironstone.com.au Phone: 02 4233 2285 Fax: 02 4233 2299 Mobile: 0419 233 051 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Printer port
Did you disable the dead printer port? you may have some an irq conflict Our RH7.2 server printer port died last night, and we've installed another on a PCI card. However, kudzu don't recognise the new system, and running printconf shows no printer devices. How do I get the system to setup the new printer port as an lp device? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Printer port
Yes, disabled in BIOS. On 17 Mar 2004 at 13:21, [EMAIL PROTECTED] wrote: Did you disable the dead printer port? you may have some an irq conflict Our RH7.2 server printer port died last night, and we've installed another on a PCI card. However, kudzu don't recognise the new system, and running printconf shows no printer devices. How do I get the system to setup the new printer port as an lp device? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html Edwin Humphries, Ironstone Technology Pty Ltd [EMAIL PROTECTED] www.ironstone.com.au Phone: 02 4233 2285 Fax: 02 4233 2299 Mobile: 0419 233 051 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Message Deleted:Re: Re: Re: Your document
Your message (header below) has been deleted because of the following error: An attachment (document_4351.pif) in the message violated system permissions -- Original Message Header -- Received: from commtech.com.au[220.247.253.144] by exchange.commtech.com.au; Wed, 17 Mar 2004 10:56:07 +0800 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Re: Re: Your document Date: Wed, 17 Mar 2004 08:44:55 +0600 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0008_13E0.4E2D X-Priority: 3 X-MSMail-Priority: Normal Message-Id: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] OT: wireless security
I know this is not the reason this list exists, but I know I'm speaking to a community of largely security conscious IT people. What i want to know is what IT security policies are going into place regarding allowing corporate laptop users to access Telstra (and other) wireless hotspot services. That assumes, of course, that laptops are wireless capable, and the wireless system is configured. But it seems to me that allowing wireless hotspot use has significant security issues. Any response - via the list or direct - would be gratefully accepted. Edwin Humphries, Ironstone Technology Pty Ltd [EMAIL PROTECTED] www.ironstone.com.au Phone: 02 4233 2285 Fax: 02 4233 2299 Mobile: 0419 233 051 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Printer port
[EMAIL PROTECTED] wrote on 17-03-2004 01:10:38 PM: Our RH7.2 server printer port died last night, and we've installed another on a PCI card. However, kudzu don't recognise the new system, and running printconf shows no printer devices. How do I get the system to setup the new printer port as an lp device? What brand parallel port is it? Check if its supported. I don't know if this is true with parallel, but with serial some brands are(/were) not supported under Linux. What happens if you say, cat /etc/printcap /dev/lp0, does it print? Cheers, Scott -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] pam_mkhomedir
Hi all, I have this line in my pam.d/login file: session required/lib/security/pam_mkhomedir.so skel=/etc/skel while this creates the user directory nicely, it creates new copies of the dot files rather than copying the ones from /etc/skel. Is there anyway I can force it to copy the ones in /etc/skel? This would remove the need for my users (school students who only know Windows) from having to setup their proxy settings abd Open Office settings. Cheers -- Simon Bryan IT Manager OLMC Parramatta -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] pam_mkhomedir
I think you are missing mask=002 or somthing like that have a look at the pam_mkhomedir.so for ldap authentication Hi all, I have this line in my pam.d/login file: sessionrequired /lib/security/pam_mkhomedir.so skel=/etc/skel while this creates the user directory nicely, it creates new copies of the dot files rather than copying the ones from /etc/skel. Is there anyway I can force it to copy the ones in /etc/skel? This would remove the need for my users (school students who only know Windows) from having to setup their proxy settings abd Open Office settings. Cheers -- Simon Bryan IT Manager OLMC Parramatta -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] OT: wireless security
On Wed, 17 Mar 2004, Edwin Humphries wrote: I know this is not the reason this list exists, but I know I'm speaking to a community of largely security conscious IT people. What i want to know is what IT security policies are going into place regarding allowing corporate laptop users to access Telstra (and other) wireless hotspot services. That assumes, of course, that laptops are wireless capable, and the wireless system is configured. But it seems to me that allowing wireless hotspot use has significant security issues. Any response - via the list or direct - would be gratefully accepted. I'd say the policies should be the same as using any public internet service. IE the provider of the service provides no security other than that needed to bill you. The user of the service is responsible for protecting themselves against unwanted traffic. The user must agree to the terms of the provider (how that's going to work I don't know ++) which includes not deliberately disrupting other users or doing anything illegal +++. ++ I'd like to know as it's a potential second stage to a project I'm quoting on. One idea is that all web/proxy access results in redirection to the terms conditions site, no other ports/routing occurs until form filled out and/or payment made. +++ Almost all ISP's insist you not do anything illegal even though they don't check. However, if somebody complains and they can prove it, they cut you off and/or advise authorities. It's going to be potentially difficult to track down wireless culprits, especially if they've hijacked somebody else's connection... but hey, if they can do it for phones... Can you change the MAC address of wireless cards? How long before the Taiwanese build one you can change? -- ---GRiP--- Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver rave music lover, Big kid that refuses to grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Mandrake 10.0
I am just about to install Mandrake 10.0. Has anyone already done this? If so what do you think of it? Is it much of an improvement on 9.2? Any problems found? Phill --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.596 / Virus Database: 379 - Release Date: 26/02/2004 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] pam_mkhomedir
On Wed, 17 Mar 2004, Simon Bryan wrote: Hi all, I have this line in my pam.d/login file: session required/lib/security/pam_mkhomedir.so skel=/etc/skel while this creates the user directory nicely, it creates new copies of the dot files rather than copying the ones from /etc/skel. Is there anyway I can force it to copy the ones in /etc/skel? This would remove the need for my users (school students who only know Windows) from having to setup their proxy settings abd Open Office settings. Umm... normally when you run useradd it COPIES from /etc/skel so I'm thinking this should be what happens ... especially since it's mentioned in your pam line. Maybe it's got a permissions problem (strange for root though). Just a thought... is /home NFS/SMB mounted or something like that? -- ---GRiP--- Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver rave music lover, Big kid that refuses to grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Mandrake 10.0
Yeap. Installed it on Sunday. As far as I can not see much of a difference from 9.2 except for the kernel version. Still the problem for me is I cannot run my video adapter in 3D mode I haven't yet played with the XFree86 or the kernel to tweak my laptop display. I want to get back to playing neverwinter nights on my laptop. :-( I am just about to install Mandrake 10.0. Has anyone already done this? If so what do you think of it? Is it much of an improvement on 9.2? Any problems found? Phill --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.596 / Virus Database: 379 - Release Date: 26/02/2004-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Mandrake 10.0
On Wed, 2004-03-17 at 16:08, Phill O'Flynn (Bigpond) wrote: I am just about to install Mandrake 10.0. Has anyone already done this? If so what do you think of it? Is it much of an improvement on 9.2? Any problems found? I've upgraded my laptop and my parent's computer to it. I was running cooker on my laptop and my parent's machine was a straight 9.2 box. In both cases I did the upgrade with urpmi. My laptop (the cooker machine) had an issue where one of my pam files was clobbered. My parent's box seemed to upgrade without any issues. It's not much different from 9.2. It's got a 2.6 kernel, which is a bit zippier on multi-threaded stuff. It's probably got newer KDE but I don't use that so I don't know. GNOME is still 2.4. The menus are a lot tidier. Mandrake control center is... more different. If it weren't for the new kernel it would almost certainly have been 9.3. HTH, James. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Mandrake 10.0
On Wed, 2004-03-17 at 16:08, Phill O'Flynn (Bigpond) wrote: I am just about to install Mandrake 10.0. Has anyone already done this? If so what do you think of it? Is it much of an improvement on 9.2? Any problems found? I have upgraded from 9.2 to 10beta2 then to 10final via `urpmi --auto-select` and have been very happy with the results. The only real issues that I have experienced is with moving to a 2.6.x kernel (2.6.3 in final). First obvious problem was with sound. Had to change from OSS to the ALSA module for my sound card. I also had usb timeout issues with my HP Scanjet 4100c scanner under 2.6.3 using the libusb driver (the usbscanner driver has been removed from 2.6.3) - I solved this by installing vuescan for Linux. No other problems come to mind. Cheers, John... -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
RE: [SLUG] OT: wireless security
Grant, protecting themselves against unwanted traffic. The user must agree to the terms of the provider (how that's going to work I don't know ++) which includes not deliberately disrupting other users or doing anything illegal +++. ++ I'd like to know as it's a potential second stage to a project I'm quoting on. One idea is that all web/proxy access results in redirection to the terms conditions site, no other ports/routing occurs until form filled out and/or payment made. Was recently travelling in europe and stumbled upon a couple public hotspots in hotels etc. The way they all worked was that they were essentially open to all, but your IP or MAC (or both) were blocked to the internet. You were redirected to a page to enter in your credit card details and once you bought credit, you could login and logout of the system through a web interface - this would essentially block and unblock your access and also of course stop the timer. Great setup - pitty the hotspots I found were pretty expensive (EUR10 for 2 hours) but internet cafes/hotspots in europe are generally pretty expensive compared to our cafés. +++ Almost all ISP's insist you not do anything illegal even though they don't check. However, if somebody complains and they can prove it, they cut you off and/or advise authorities. It's going to be potentially difficult to track down wireless culprits, especially if they've hijacked somebody else's connection... but hey, if they can do it for phones... Look below... Can you change the MAC address of wireless cards? How long before the Taiwanese build one you can change? Yes you can. Question is in this instance, can you have two MAC addresses (different cards) on the same network at the same time?? I suspect this would cause some havoc, or would it?? If you cant have two MAC's on the same network at the same time, there is no way to hijack really (???) because the person has logged off, hence blocking that MAC. Feel free to correct me! Cheers Adam. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] debian unstable.
has anyone noticed when you try to do an apt-get upgrade this last day or so you get errors saying no such file or directory for some of the packages for debian unstable? as I've only moved to unstable recently is this a common occurrance or is just one of those things one must live with using the latest and greatest, thanks in advance -- Shaun Oliver I refuse to have a battle of wits with an unarmed person. email: [EMAIL PROTECTED] WEB: http://blindman.homelinux.org/~blindman/ IRC: irc.awesomechat.net: IRCNICK: blindman -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] debian unstable.
quote who=Shaun Oliver has anyone noticed when you try to do an apt-get upgrade this last day or so you get errors saying no such file or directory for some of the packages for debian unstable? as I've only moved to unstable recently is this a common occurrance or is just one of those things one must live with using the latest and greatest, It's an issue with your mirror. :-) - Jeff -- GVADEC 2004: Kristiansand, Norwayhttp://2004.guadec.org/ Echidnas, or at least the ones I've met, don't have joy. Adults very rarely have joy. Kids have hyperkinetic nuclear joy in abundance. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] debian unstable.
hi I'm using mirror.aarnet.edu.au which do you use? I might run a base-config later to see if I can find a better one. -- Shaun Oliver I refuse to have a battle of wits with an unarmed person. email: [EMAIL PROTECTED] WEB: http://blindman.homelinux.org/~blindman/ IRC: irc.awesomechat.net: IRCNICK: blindman -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] debian unstable.
quote who=Shaun Oliver hi I'm using mirror.aarnet.edu.au which do you use? I might run a base-config later to see if I can find a better one. mirror.pacific.net.au - Jeff -- GVADEC 2004: Kristiansand, Norwayhttp://2004.guadec.org/ I run Linux on pretty much everything except the microwave and washing machine. Those are tempting targets but would probably make Telsa extremely cross. - Alan Cox -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] debian unstable.
- Original Message - From: Shaun Oliver [EMAIL PROTECTED] has anyone noticed when you try to do an apt-get upgrade this last day or so you get errors saying no such file or directory for some of the packages for debian unstable? Are you doing apt-get update first? mirror.pacific.net.au is better as jeff as said... dave -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Mandrake 10.0
John McQuillen wrote: First obvious problem was with sound. Had to change from OSS to the ALSA module for my sound card. Yep I had to do that as well, and it took me a while to work out. I dual boot with Windows and now Konqueror is MUCH faster loading the /mnt ntfs directories. Now I don't have to emulate scsi drives for my CD drives and K3b loads MUCH faster. Mine was a clean install, not an upgrade and installation was fast and easy. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] D-link Dl-624 802.11g router vs. 3Com AirConnect PCMCIA card 802.11b
I've got these. They won't speak to each other. The PCMCIA card loads just fine in Debian Woody, and connected with the Linksys router used at the Debian Bug Squish at Sydney Uni last saturday just fine. It's working ok. The Dl-624 is in daily use as a wired router, and connects with another 802.11b device I have reliably. It's working ok. But they won't speak with each other, so they're not so useful to me. I'd like to get them working, or I'd like to replace one of them with something that works with the other. Fixing them would be best - I might learn something (hey, it could happen). If someone's interested in one or the other and we can work out something that helps me to replace it, I'll entertain that idea too. So, any suggestions? Despite my lackadaisical tone I'd really like to solve this. Regards, Bret -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] debian unstable.
This one time, at band camp, Jeff Waugh wrote: quote who=Shaun Oliver hi I'm using mirror.aarnet.edu.au which do you use? I might run a base-config later to see if I can find a better one. mirror.pacific.net.au Heh. I got 404s on pacific yesterday. It's all good now though. -- [EMAIL PROTECTED] http://spacepants.org/jaq.gpg -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] SLUG AGM: Proxy votes, membership fees and committee nominations
quote who=Jamie Wilkinson This one time, at band camp, Mary Gardiner wrote: We've got nominations for all positions now, but there are still only eight people total, so plenty of room in the field... Can I remind everyone that all nominees and nominators must be financial members at the time of the AGM otherwise their nomination becomes void, as per the constitution. Look at that. Natural treasurer. - Jeff -- GVADEC 2004: Kristiansand, Norwayhttp://2004.guadec.org/ GNOME, launched specifically to counter a threat to our freedom, is the free software project par excellence. - Richard Stallman -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html