also sprach DePriest, Jason R. [EMAIL PROTECTED] [2005.02.18.0530 +0100]:
Since no one has responded to this recently.
http://lists.debian.org/debian-security/2005/01/msg00188.html
wasn't enough?
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft
--- kurt kuene [EMAIL PROTECTED] wrote:
All of my 3 webservers (apache php mysql java tomcat).
on two other webserver I run woody with some packages from sarge
(apt-pining)
and the mail relay servers (spamassasin amavisd postfix clamav).
I run sarge because I need more recent packages and
On Wed, Feb 09, 2005 at 08:48:20AM +0100, Javier Fernández-Sanguino Peña wrote:
Hi everyone,
I've recently uploaded (to experimental only) new Snort 2.3.0 packages
(based on the release made by the Snort team last January 25th). One of the
main reasons I've uploaded this to experimental
On Fri, Feb 18, 2005 at 02:25:17AM -0800, Harry wrote:
use UML and chroot it and run sarge in it.
What does this gain you? A compomised uml is as bad as a compromised
system.
Greetings
Marc
--
-
Marc Haber | I
On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote:
--- Marc Haber [EMAIL PROTECTED] wrote:
What does this gain you? A compomised uml is as bad as a compromised
system.
I can wipe the UML if the host has not been compromised. This saves me
a journey to the location where the host is
--- Marc Haber [EMAIL PROTECTED] wrote:
On Fri, Feb 18, 2005 at 02:25:17AM -0800, Harry wrote:
use UML and chroot it and run sarge in it.
What does this gain you? A compomised uml is as bad as a compromised
system.
I can wipe the UML if the host has not been compromised. This saves me
a
Marc == Marc Haber [EMAIL PROTECTED] writes:
Marc Nice idea. However, if somebody roots one of the UML
Marc installation, that somebody can probably escape out of the
Marc UML and gain user privileges on the host system and then use
Marc one of the numerous kernel vulnerabilities
On Fri, Feb 18, 2005 at 05:07:40PM +1100, [EMAIL PROTECTED] wrote:
I like using non-modular kernels to prevent LKMs
Of course, running a non-modular kernel doesn't prevent kernel rootkits.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
--- Marc Haber [EMAIL PROTECTED] wrote:
Nice idea. However, if somebody roots one of the UML installation,
that somebody can probably escape out of the UML and gain user
privileges on the host system and then use one of the numerous kernel
vulnerabilities (I have long lost track of them) to
* kurt kuene:
so what strategies to use if you are forced to work with a distro
other then woody?
I used to run unstable with irregular updates, and manually backport
upstream security fixes to the version in unstable (especially if a
new Debian packages was not available in unstable).
From
hi
first thanks a lot.
you all helped me very much.
apparently running stable with backports is best.
so I made the wrong decision upgrading my systems to sarge. :(
I did this because I thought it will come out soon and It is safe enough to use
it. This was six month ago. If I could turn back
On Fri, Feb 18, 2005 at 03:28:11PM +0100, kurt kuene wrote:
so you think unstable with an eye on problems is still better than testing? I
don't know.
Unstable is fine if you know exactly what you're doing and can fix a
broken system yourself. unstable is potentiall unstable (surprise),
but
Greetings,
Am Freitag, 18. Februar 2005 04:51 schrieb JM:
Hello,
* Besides grsecurity patch, pax etc...What other recommendations are there
to patch a kernel on a woody or sarge production server?
* Any experiences/opinions with the debian-hardened kernels?
* Is it that terrible running X
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
I like using non-modular kernels to prevent LKMs
http://www.phrack.org/phrack/58/p58-0x07
In this paper, we will discuss way of abusing the Linux kernel
(syscalls mostly) without help of module support or System.map at all,
so that we assume
Marc Haber schrieb am Friday, den 18. February 2005:
On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote:
--- Marc Haber [EMAIL PROTECTED] wrote:
What does this gain you? A compomised uml is as bad as a compromised
system.
Nice idea. However, if somebody roots one of the UML
Am Freitag, 18. Februar 2005 09:44 schrieb martin f krafft:
also sprach DePriest, Jason R. [EMAIL PROTECTED] [2005.02.18.0530
+0100]:
Since no one has responded to this recently.
http://lists.debian.org/debian-security/2005/01/msg00188.html
wasn't enough?
Yes it was enough.
I was really
On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote:
On Fri, Feb 18, 2005 at 05:07:40PM +1100, [EMAIL PROTECTED] wrote:
I like using non-modular kernels to prevent LKMs
Of course, running a non-modular kernel doesn't prevent kernel rootkits.
yes - and I have been the victim of one
On Sat, 19 Feb 2005 [EMAIL PROTECTED] wrote:
On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote:
On Fri, Feb 18, 2005 at 05:07:40PM +1100, [EMAIL PROTECTED] wrote:
I like using non-modular kernels to prevent LKMs
Of course, running a non-modular kernel doesn't prevent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
--
Debian Security Advisory DSA 687-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 18th, 2005
On Sat, Feb 19, 2005 at 09:42:48AM +1100, [EMAIL PROTECTED] wrote:
yes - and I have been the victim of one of these (the 'suckit' rootkit).
But at least using non-modular kernels prevents one class of attacks...
Sure. At a fairly high cost in administrative overhead you can prevent
one fairly
hi
David Ehle [EMAIL PROTECTED] wrote:
IF, I had, say late last year heard that Sarge was going
stable REAL SOON,
and was trying to decide if I was going to go through the hoops being
described, or just do an early upgrade, since there WAS at the time a
working security repository for
21 matches
Mail list logo
