On Wed, Nov 03, 2004 at 10:17:22AM +, Marcus Williams wrote:
> On 03/11/2004, Andrew Pimlott wrote:
> > Do you have such a thing? I would absolutely love an ssh agent that
> > only asks for pass-phrases as needed, times them out eventually, and
> > can prompt before
On Tue, Nov 02, 2004 at 10:14:37AM -0200, Henrique de Moraes Holschuh wrote:
> (and if you are as paranoid as you
> should, you're using an agent that ASKS before doing any work).
Do you have such a thing? I would absolutely love an ssh agent that
only asks for pass-phrases as needed, times them
On Fri, Aug 13, 2004 at 08:13:21AM -0700, Wanda Round wrote:
> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> What are these lines
On Sun, Aug 01, 2004 at 08:24:29PM +0200, Jan Minar wrote:
> On Wed, Jul 28, 2004 at 04:54:35AM -0400, Andrew Pimlott wrote:
> > I verified that if I "su - andrew bash" as root, then
> > andrew can write to root's terminal, even after bash exits (just h
On Wed, Jul 28, 2004 at 04:56:20PM +1000, Russell Coker wrote:
> On Tue, 27 Jul 2004 07:48, Andrew Pimlott <[EMAIL PROTECTED]> wrote:
> > If this is a real problem (which it sounds like), it's not specific to
> > init scripts. Shouldn't it be fixed in su?
>
On Mon, Jul 26, 2004 at 02:53:56PM +1000, Russell Coker wrote:
> The start scripts for some daemons do "su - user" or use
> "start-stop-daemon -c" to launch the daemon, postgresql is one example.
>
> During the time between the daemon launch and it closing its file handles and
> calling setsid(2
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
> Is there an emergency patch/workaround for this, if disabling ssh is not
> an option? Are systems with Privilege Separation affected?
There's already a new package on security.debian.org. I can't
vouch for it myself, but here's the
On Mon, Jul 28, 2003 at 12:33:13PM -0400, George Georgalis wrote:
> ls -rltu /var/lib/dpkg/info/*list
I've picked up the habit of using aptitude for all package
manipulation, even at the command line, just because it leaves a log
in /var/log/aptitude. I'm sure you could graft this onto apt, but
i
On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
> in another (german) newsgroup i saw a comment, being a bit upset about
> the general-every-distribution behaviour to install new daemons under a
> single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,
> the defa
On Wed, Apr 30, 2003 at 12:07:33PM -0500, Drew Scott Daniels wrote:
> http://packetstorm.linuxsecurity.com/filedesc/injectso-0.2.1.tar.html
> describes injectso, "a tool that can be used to inject shared libraries
> into running processes on Linux (x86/IA32 and Sparc)...".
>
> Maybe I misunderstan
On Tue, Sep 17, 2002 at 11:24:31PM +0200, Michael Renzmann wrote:
> I'm wondering if there is a way to get a directory listing from apache
> if there is an index.html available in that directory.
Yes, if your apache isn't up-to-date.
http://www.google.com/search?q=apache%20directory%20listi
On Fri, Aug 30, 2002 at 08:53:09AM -0600, Joe Moore wrote:
> Actually, your realization is wrong. The definitions in /etc/group add a
> supplementary GID to the UID telnetd. There is no change needed in the
> application or sgid bits. The OS handles the initgroups() call.
Buzz. The OS does not
On Wed, Aug 07, 2002 at 03:35:44AM +, Aurelio Turco wrote:
> Debian Weekly News of 2002JUL18,
> recommended the following:
>
> deb http://security.debian.org/debian-security stable/updates
> main contrib non-free
>
> deb http://security.debian.org/debian-non-US stable/non-US
> m
On Mon, Jun 03, 2002 at 11:38:06PM +0300, Sami Haahtinen wrote:
> On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote:
> > lsof -Pi | grep
>
> better yet -- lsof -Pi :
>
> this reminds me of the 'oh, so familiar', Useless Use of
> -awards from usenet =)
I contest this! "Useless Use
On Fri, May 10, 2002 at 08:55:40PM -0300, Peter Cordes wrote:
> dpkg --get-selections | grep '[^A-Za-z]install$' | cut -f1
> should work.
In the interests of saving you some typing in the future, try
grep -w install
:-)
Andrew
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
On Thu, May 02, 2002 at 03:03:54PM +0200, Stefan Hornburg (Racke) wrote:
> # Pass parameters to Swish++ search program
> open (SEARCH, '-|')
> or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
>
> From the Perl documentation it should be safe to pass "unsafe" ch
On Fri, Apr 26, 2002 at 08:59:50AM +0200, Martin Quinson wrote:
> What is a cross-site scripting type attack ?
One of the first analyses was published by Marc Slemko of the Apache
Group at http://httpd.apache.org/info/css-security/ . You'll
probably have to read the CERT links on that page as wel
On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
> On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> > You can save yourself this step: use a leftcert pointing to your
> > certificate, and you don't need the leftid. Reduces redundancy, and
>
On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
> Here is an example:
>
> conn %default
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> left=%defaultroute
> leftsubnet=192.168.2.0/24
> leftid="C=DE, ST=Bavaria, O=Octogo
On Thu, Apr 04, 2002 at 01:09:27AM +0200, martin f krafft wrote:
> this problem is understood by the developers of proftpd
Wichert said that nobody has explained why the current fix on s.d.o
doesn't work. If the problem is understood, why hasn't someone
explained this? That's all that is asked,
[ Followup to incomplete send. ]
On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote:
> I think Wichert's position
... reflects appropriate discipline, given the (relatively modest)
severity of the problem.
Andrew
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
> but give me at least one argument why these acts cannot combine with
> a *temporary* fix uploaded to the so-called "security archives".
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to f