On Wed, 28 Nov 2001, François Bayart wrote:
Hi ,
I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 62.4.8.2 netmask 255.255.255.0
On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
Dear .debs,
I'm maintaining a (small-time) group server for our department. In
order to satisfy company policy requirements I need to provide a way
to shutdown the server in case of emergencies. Our network admin was
kind enough to give
I can't resist it!
Add a usb digital camera to the box and only allow people who are not
logged in via ssh (and therefore known users) to shut the machine down
by using the Ctrl+Alt+Del on a keyboard. Add a shutdown init script to
the start of the process which takes a few snaps of the
Hi
I am a newbie to this list, so please forgive if something may be a
FAQ.
First of all I want to forward a Security Announcement. Since I run
wuftpd on some server I'd like to know if I am vulnerable with debian
(2.2r4) too.
Is there a place
Hallo Hendrik
On Thu, Nov 29, 2001 at 11:58:46AM +0100, Hendrik Naumann wrote:
First of all I want to forward a Security Announcement. Since I run
wuftpd on some server I'd like to know if I am vulnerable with debian
(2.2r4) too.
Yes it is vulnerable. I already sent the patch RedHat to
Hello,
a firewall needs to have IP routing capabilities to be able to enforce
rules (same for a packet filter),
?
A proxy firewall doesn't need to have IP routing capabilities (eg.
forwarding packet between interfaces). And a proxy firewall is definitely
a firewall. (some people don't call
On Thu, Nov 29, 2001 at 12:22:02PM +0100, Hendrik Naumann wrote:
Hm. I may be blind, but here I only see the already announced issues.
I am looking for a list of issues, not yet announced. Like the one in
the SuSE Mailing.
Then the best is to subscribe at bugtraq mailinglist at
On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
I can't resist it!
me too:)
Add a usb digital camera to the box and only allow people who are not
I've thought of this too, but rejected it because it's so easy to
circumvent, just place your hand in front of the camera.
--
* Attila Nagy [EMAIL PROTECTED] [2001.11.29 14:30:56+0100]:
a firewall needs to have IP routing capabilities to be able to enforce
rules (same for a packet filter),
?
A proxy firewall doesn't need to have IP routing capabilities (eg.
forwarding packet between interfaces). And a proxy
Hi all,
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
password!!
e.g., on my Woody box I added a user called 'ron' and
crypt(3) only uses the first 8 characters for its hash.
roniosko is 8 characters. Any extras would be ignored.
I think you'll find trying roniosk would fail.
md5 passwords are a much better option and available
at least from slink (2.1) on (iirc).
I'm not sure about earlier versions.
Roger
On Fri, 30 Nov 2001, Roger Keays wrote:
Hi all,
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
password!!
e.g., on
On Fri, 30 Nov 2001, Roger Keays wrote:
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
password!!
e.g., on my Woody
Roger Keays [EMAIL PROTECTED] writes:
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
password!!
Wrong. You can guess the
Roger Keays wrote:
Hi all,
I'm not sure if this is common knowledge or not, but I have just
noticed the effects of having the first two letters of your password
the same as the first two in your login name... You can use any
extension of your password!!
e.g., on my Woody box I added
Hi ,
I've patched my kernel and now it works correctly
iptables -A FORWARD -p tcp -s ! 192.168.3.1 --dport 143 -j DROP
So I use the 2.4.14 kernel and the
http://bridge.sourceforge.net/devel/bridge-nf/bridge-nf-0.0.3-against-2.4.13-ac7.diff
patch
when I set 802.1d Ethernet Bridging in kernel I've a
Interesting. I'm running Debian 2.2r2 (dist-upgraded to testing). I
selected MD5 for my passwords during installation. However, it seems
that it has defaulted my passwords to 8 characters too:
From /etc/pam.d/passwd (login is the same)
password required pam_unix.so nullok obscure
Carel Fellinger wrote:
On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
I can't resist it!
me too:)
Add a usb digital camera to the box and only allow people who are not
I've thought of this too, but rejected it because it's so easy to
circumvent, just place your hand in
On Thu, Nov 29, 2001 at 05:59:40PM +, Niall Walsh wrote:
Carel Fellinger wrote:
On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
I can't resist it!
me too:)
Add a usb digital camera to the box and only allow people who are not
I've thought of this too, but rejected it
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi /etc/aliases in the sudoers file, thinking
that it limits access. But of course, vi has the :e command...
Is there any kind of wrapper that can be used to allow sudo to grant
editing access to only one
On Thu, Nov 29, 2001 at 02:45:08PM -0800, William R Ward wrote:
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi /etc/aliases in the sudoers file, thinking
that it limits access. But of course, vi has the :e command...
That's only if they aren't
On Thu, Nov 29, 2001 at 02:45:08PM -0800, William R Ward wrote:
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi /etc/aliases in the sudoers file, thinking
that it limits access. But of course, vi has the :e command...
Searched groups.google.com for
In message 20011129165355.A15543@ch208h, Mike Renfro writes:
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi /etc/aliases in the sudoers file, thinking
that it
In message [EMAIL PROTECTED], Ted Cabeen writes:
In message 20011129165355.A15543@ch208h, Mike Renfro writes:
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi
William R Ward [EMAIL PROTECTED] writes:
Is there any kind of wrapper that can be used to allow sudo to grant
editing access to only one file? I am thinking of something similar
to vipw or visudo, but with security in mind; following this basic
algorithm:
1. Using user privileges, Copy
Hello,
I just signed up with the debian-security mailing list so I am not up to speed
with all the discussions.
What is the status with the wu-ftpd updated potato packages?
I could find no mention of it on the debian main or security web pages
hi ya bill
how about: ( maybe a dumb idea but...a temporary answer??
user vi /etc/aliases
- save it to /tmp/aliases
user sucpaliases
where sucp: and allow users to run sucp as root
- add sucpaliases into the sudo file
#!/bin/bash
#
# sucpaliases
#
Read this:
http://lists.debian.org/debian-changes/2001/debian-changes-200111/msg00085.html
What is the status with the wu-ftpd updated potato packages?
Alvin Oga writes:
how about: ( maybe a dumb idea but...a temporary answer??
user vi /etc/aliases
- save it to /tmp/aliases
user sucpaliases
where sucp: and allow users to run sucp as root
- add sucpaliases into the sudo file
Not bad... then wrap the whole thing in a
hi ya bill
if that sh script is called sucpaliases...
you cannot(should not) put sudo sucpaliases inside of it
- infinite recursion...
the original idea was to copy and install the users versions
of /etc/aliases file w/o giving um root or changing permissions...
and not to allow
This would be a wonderful application of OTP's.
On Thursday 29 November 2001 11:59 am, Niall Walsh wrote:
Maybe put
the password with the security guard so he can record who took the
passwd to reset it (obviously you need to reset the password
Just FYI, Slashdot has a discussion up on encrypted file systems that
might be of interest to folks who participated in the discussion here.
This direct link might work:
http://slashdot.org/article.pl?sid=01/11/28/1549252&mode=thread
Curt-
---
Curt Howland +81-3-5772-5832
Alvin Oga writes:
if that sh script is called sucpaliases...
you cannot(should not) put sudo sucpaliases inside of it
- infinite recursion...
Of course not. The script I wrote is editaliases and inside that
script, your sucpaliases is called.
-- another simpler way is to make
Hello all,
Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker.
Testing is using 2.6.1-5, is that also compromised? I have been
watching it all day but haven't seen any updates.
If it is not secure has a patched version been made available anywhere?
I can't seem to find any
The article I read about it on the Register...
http://www.theregister.co.uk/content/4/23082.html
"The hole affects thousands of users of virtually
every Linux release.
Because of the wide implications, Core, working with
CERT, and, at
Thanks Curtis,
I know the maintainer has put together a fixed version for
Potato/stable, I am wondering if he has had time to do the testing yet,
or if we rollback to the testing one or what. I'm just hoping that
rollback won't be a dependency nightmare... the stable version is
Below is the result of your feedback form. It was submitted by
([EMAIL PROTECTED]) on Friday, November 30, 2001 at 03:40:39
---
: Hey, what's up, yall? I found a site and if you want to meet people and talk to
:people on
How about if a webpage was made on the server that would require user
authentication and would execute a suid shutdown CGI script?
Hello,
One point you are missing is that it is possible using this kind of
configuration to create a firewall where you cannot address any of
its external interfaces. So how can you do an intrusion attack on a
firewall that you cannot address?
In theory it is possible. If you can use the
Hi
Is there a place where to find pending issues for debian?
http://security.debian.org/
Hm. I may be blind, but here I only see the already announced issues.
I am looking for a list of issues, not yet announced. Like the one in
the SuSE
On Fri, 30 Nov 2001, Roger Keays wrote:
Hi all,
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
password!!
e.g., on my
Roger Keays wrote:
Hi all,
I'm not sure if this is common knowledge or not, but I have just
noticed the effects of having the first two letters of your password
the same as the first two in your login name... You can use any
extension of your password!!
e.g., on my Woody box I added a
On Wed, 2001-11-28 at 02:58, Olaf Meeuwissen wrote:
That's exactly what my sudo setup does right now. The problem is that
apparently *everyone* needs to be able to shut down the machine (for
reasons that are beyond me). Added accounts on an as needed basis is
fine with me, but I don't fancy
Mike Dresser wrote:
On Fri, 30 Nov 2001, Roger Keays wrote:
I'm not sure if this is common knowledge or not, but I have just noticed
the effects of having the first two letters of your password the same as
the first two in your login name... You can use any extension of your
Carel Fellinger wrote:
On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
I can't resist it!
me too:)
Add a usb digital camera to the box and only allow people who are not
I've thought of this too, but rejected it because it's so easy to
circumvent, just place your hand
In message [EMAIL PROTECTED], Ted Cabeen writes:
In message [EMAIL PROTECTED], Mike Renfro writes:
A lazy sysadmin, not thinking through the ramifications, might put
things like /usr/bin/vi /etc/aliases in
William R Ward [EMAIL PROTECTED] writes:
Is there any kind of wrapper that can be used to allow sudo to grant
editing access to only one file? I am thinking of something similar
to vipw or visudo, but with security in mind; following this basic
algorithm:
1. Using user privileges, Copy the
Below is the result of your feedback form. It was submitted by
([EMAIL PROTECTED]) on Friday, November 30, 2001 at 03:40:39
---
: Hey, what's up, yall? I found a site and if you want to meet people and talk
to people on
74 matches