Re: gpg-errors with apt

2005-07-08 Thread Matt Hope
On 7/7/05, Steve Kemp [EMAIL PROTECTED] wrote:
 On Thu, Jul 07, 2005 at 12:22:36PM +0200, Johann Spies wrote:
 
  I have read http://www.debian-administration.org/articles/174 about
  this topic and have done what the article suggested:
  ~# gpg --keyserver keyring.debian.org --recv 4F368D5D
 
   This imports the key for the Debian Unstable archive.

I think you need to use 'apt-key' to import keys used to check debian
repositories.



Re: gpg-errors with apt

2005-07-08 Thread Johann Spies
On Fri, Jul 08, 2005 at 04:07:49PM +1000, Matt Hope wrote:
 On 7/7/05, Steve Kemp [EMAIL PROTECTED] wrote:
  On Thu, Jul 07, 2005 at 12:22:36PM +0200, Johann Spies wrote:
  
   I have read http://www.debian-administration.org/articles/174 about
   this topic and have done what the article suggested:
   ~# gpg --keyserver keyring.debian.org --recv 4F368D5D
  
  This imports the key for the Debian Unstable archive.
 
 I think you need to use 'apt-key' to import keys used to check debian
 repositories.

Thanks. That did it!

Johann

-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 And I saw a great white throne, and him that sat on 
  it, from whose face the earth and the heaven fled 
  away; and there was found no place for them. And I saw
  the dead, small and great, stand before God; and the 
  books were opened; and another book was opened, which 
  is the book of life; and the dead were judged out of 
  those things which were written in the books,  
  according to their works.   Revelations 20:11,12 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Sudo question

2005-07-08 Thread Johann Spies
I am responsible for a few servers and somebody else is the
administrator of the IBM Tivoli backup-system.  Let us name this user
'toets'. I have created the following sudo-configuration to give him
access to the servers and then authenticate him to execute
tivoli-related programs on the server:

User_Alias RUGSTEUN = toets

# Cmnd alias specification
Cmnd_Alias BACKUP = /opt/tivoli/tsm/client/ba/bin/dsm, \
    /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
    /opt/tivoli/tsm/client/ba/bin/dsmc, \
    /opt/tivoli/tsm/client/ba/bin/dsmagent, \
    /opt/tivoli/tsm/client/ba/bin/dsmcad, \
    /opt/tivoli/tsm/client/ba/bin/dsmj, \
    /opt/tivoli/tsm/client/ba/bin/dsmtca

# User privilege specification
RUGSTEUN  ALL = (root) BACKUP


How is it possible that I can enable this user not only to run
programs from this directory, but to kill the process he started when
necessary using SUDO - without enabling him to kill any process on the
machine?

Regards
Johann



Re: Sudo question

2005-07-08 Thread martin f krafft
thus spoke Johann Spies [EMAIL PROTECTED] [2005.07.08.1057 +0200]:
 How is it possible that I can enable this user not only to run
 programs from this directory, but to kill the process he started when
 necessary using SUDO - without enabling him to kill any process on the
 machine.

The only way to do this is to write a script which ensures that the
PID is within the range of allowed PIDs, and then to give sudo
access to the script. Beware that it's easy to make mistakes in
scripts which could allow the user to gain root rights.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
 
how do you feel about women's rights?
i like either side of them.
   -- groucho marx
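
One way to write the script described in the reply above, as an added example that is not code from the thread or from any of its posters. Instead of a PID range it accepts a PID only when the kernel reports one of the listed TSM binaries as the executable and the process environment carries the caller's SUDO_UID; the name tsm-kill, its install path and the sudoers line in the comments are assumptions.

```shell
#!/bin/sh
# tsm-kill (hypothetical name): added example, not code from the thread.
# Assumed sudoers entry:  RUGSTEUN ALL = (root) /usr/local/sbin/tsm-kill
# Install it root-owned and writable by root only.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # never trust the caller's PATH
TSM_BIN=/opt/tivoli/tsm/client/ba/bin
ALLOWED="dsm dsmadmc dsmc dsmagent dsmcad dsmj dsmtca"

# may_kill PROCROOT PID UID: succeed only if PID runs one of the allowed
# binaries and was started through sudo by the user with numeric id UID.
may_kill() {
    proc=$1 pid=$2 uid=$3
    # Plain decimal only: rejects "-1" (every process), "0" (own process
    # group), leading zeros, whitespace and anything that looks like a path.
    case $pid in ''|0*|*[!0-9]*) return 1 ;; esac
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    # The kernel's view of the executable, not the forgeable command line.
    exe=$(readlink "$proc/$pid/exe" 2>/dev/null) || return 1
    found=no
    for b in $ALLOWED; do
        if [ "$exe" = "$TSM_BIN/$b" ]; then found=yes; fi
    done
    [ "$found" = yes ] || return 1
    # sudo exports SUDO_UID to every command it starts; match the whole entry
    # so that uid 1001 does not also match SUDO_UID=10010.
    [ -r "$proc/$pid/environ" ] || return 1
    tr '\0' '\n' < "$proc/$pid/environ" | grep -qx "SUDO_UID=$uid"
}

main() {
    if [ $# -ne 1 ]; then echo "usage: tsm-kill PID" >&2; return 2; fi
    if may_kill /proc "$1" "${SUDO_UID:-}"; then
        # Residual race: the PID may be reused between the check and the kill.
        kill -TERM "$1"
    else
        echo "tsm-kill: refusing to signal '$1'" >&2
        return 1
    fi
}

# Run only when given arguments, so the functions can be sourced and tested.
if [ $# -gt 0 ]; then main "$@"; fi
```

Granting sudo on this wrapper does not remove the exposure from the TSM binaries themselves being runnable as root; it only avoids handing out kill for arbitrary PIDs.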




Re: Sudo question

2005-07-08 Thread Florian Weimer
* Johann Spies:

 # Cmnd alias specification
 Cmnd_Alias BACKUP = /opt/tivoli/tsm/client/ba/bin/dsm, \
 /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
 /opt/tivoli/tsm/client/ba/bin/dsmc, \
 /opt/tivoli/tsm/client/ba/bin/dsmagent,\
 /opt/tivoli/tsm/client/ba/bin/dsmcad,\
 /opt/tivoli/tsm/client/ba/bin/dsmj,\
 /opt/tivoli/tsm/client/ba/bin/dsmtca 

 # User privilege specification
 RUGSTEUN  ALL= (root) BACKUP
 

IIRC, the TSM command line clients suffer from several buffer
overflows, so this is roughly equivalent to giving away full root
access.





Re: Sudo question

2005-07-08 Thread Johann Spies
On Fri, Jul 08, 2005 at 12:58:44PM +0200, Florian Weimer wrote:
 * Johann Spies:
 
  # Cmnd alias specification
  Cmnd_Alias BACKUP = /opt/tivoli/tsm/client/ba/bin/dsm, \
  /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
  /opt/tivoli/tsm/client/ba/bin/dsmc, \
  /opt/tivoli/tsm/client/ba/bin/dsmagent,\
  /opt/tivoli/tsm/client/ba/bin/dsmcad,\
  /opt/tivoli/tsm/client/ba/bin/dsmj,\
  /opt/tivoli/tsm/client/ba/bin/dsmtca 
 
  # User privilege specification
  RUGSTEUN  ALL= (root) BACKUP
  
 
 IIRC, the TSM command line clients suffer from several buffer
 overflows, so this is roughly equivalent to giving away full root
 access.

In theory, yes.  At least the person who is able to do this is a
fellow administrator in my department.

What alternatives are there?

Regards
Johann



Re: Sudo question OT-reply (severely OT)

2005-07-08 Thread Daniel Swärd
On Fri, 2005-07-08 at 13:36 +0200, Johann Spies wrote:
 On Fri, Jul 08, 2005 at 12:58:44PM +0200, Florian Weimer wrote:
  * Johann Spies:
  
   # Cmnd alias specification
   Cmnd_Alias BACKUP = /opt/tivoli/tsm/client/ba/bin/dsm, \
   /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
   /opt/tivoli/tsm/client/ba/bin/dsmc, \
   /opt/tivoli/tsm/client/ba/bin/dsmagent,\
   /opt/tivoli/tsm/client/ba/bin/dsmcad,\
   /opt/tivoli/tsm/client/ba/bin/dsmj,\
   /opt/tivoli/tsm/client/ba/bin/dsmtca 
  
   # User privilege specification
   RUGSTEUN  ALL= (root) BACKUP
   
  
  IIRC, the TSM command line clients suffer from several buffer
  overflows, so this is roughly equivalent to giving away full root
  access.
 
 In theory, yes.  At least the person who is able to do this is a
 fellow administrator in my department.
 
 What alternatives are there?

Kill him and replace him with a small shell script. ;-)

/Daniel
-- 
File not found. Should I fake it (y/n)?





Re: Debian Security Support in Place

2005-07-08 Thread Phillip Hofmeister
On Fri, 08 Jul 2005 at 01:58:40AM -0400, Martin Schulze wrote:
 The security team will continue to support Debian GNU/Linux 3.0 alias
 woody until May 2006, or if the security support for the next release,
 codenamed etch, starts, whatever happens first.


Now I LOVE Debian a lot.  It is my favorite distro, and I hope this
isn't seen as a flame.  But, two Debian releases in one year?  That's
kind of funny grins.

-- 
Phillip Hofmeister





Re: Debian Security Support in Place

2005-07-08 Thread Horst Pflugstaedt
On Fri, Jul 08, 2005 at 09:33:29AM -0400, Phillip Hofmeister wrote:
 On Fri, 08 Jul 2005 at 01:58:40AM -0400, Martin Schulze wrote:
  The security team will continue to support Debian GNU/Linux 3.0 alias
  woody until May 2006, or if the security support for the next release,
  codenamed etch, starts, whatever happens first.
 
 
 Now I LOVE Debian a lot.  It is my favorite distro, and I hope this
 isn't seen as a flame.  But, two Debian releases in one year?  That's
 kind of funny grins.

IIRC security-support for sarge started before its release.

Horst.

-- 
For I perceive that behind this seemingly unrelated sequence
of events, there lurks a singular, sinister attitude of mind.
Whose?
MINE! HA-HA!





Re: Debian Security Support in Place

2005-07-08 Thread Martin Wodrich
Phillip Hofmeister wrote:

 The security team will continue to support Debian GNU/Linux 3.0 alias
 woody until May 2006, or if the security support for the next release,
 codenamed etch, starts, whatever happens first.
 Now I LOVE Debian a lot.  It is my favorite distro, and I hope this
 isn't seen as a flame.  But, two Debian releases in one year?  That's
 kind of funny grins.

But in the past there were some Debian releases with less than one
year from one to the other.

In Wikipedia there is a good table:
Debian Linux (Stable releases)
Version  Name    Date
0.93R6   -       26 October 1995
1.1      Buzz    17 June 1996
1.2      Rex     12 December 1996
1.3      Bo      5 June 1997
2.0      Hamm    24 July 1998
2.1      Slink   9 March 1999
2.2      Potato  15 August 2000
3.0      Woody   19 July 2002
3.1      Sarge   6 June 2005
?        Etch    -

0.93R6 - 1.1:  8 months
1.1 - 1.2:     6 months
1.2 - 1.3:     6 months
1.3 - 2.0:    13 months
2.0 - 2.1:     7 months
2.1 - 2.2:    17 months
2.2 - 3.0:     2 years
3.0 - 3.1:     3 years

-- 
Kind regards,
Martin Wodrich



Re: Debian Security Support in Place

2005-07-08 Thread Martin Wodrich
Horst Pflugstaedt wrote:

 Now I LOVE Debian a lot.  It is my favorite distro, and I hope this
 isn't seen as a flame.  But, two Debian releases in one year?  That's
 kind of funny grins.
 IIRC security-support for sarge started before its release.

But only one month before the release.

-- 
Kind regards,
Martin Wodrich



unsubscribe

2005-07-08 Thread syk0


-----Original Message-----
From: Martin Schulze [mailto:[EMAIL PROTECTED]
Sent: 08 July 2005 15:50
To: Debian Security Announcements
Subject: [SECURITY] [DSA 744-1] New fuse packages fix information disclosure

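--------------------------------------------------------------------------
Debian Security Advisory DSA 744-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                             Martin Schulze
July 8th, 2005                          http://www.debian.org/security/faq
--------------------------------------------------------------------------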

Package        : fuse
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1858
BugTraq ID     : 13857
Debian Bug     : 311634

Sven Tantau discovered a security problem in fuse, a filesystem in
userspace, that can be exploited by malicious, local users to disclose
potentially sensitive information.

The old stable distribution (woody) does not contain the fuse package.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.1-4sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.3.0-1.

We recommend that you upgrade your fuse package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge