On Thu, Dec 28, 2000 at 08:46:23PM -0700, John Galt wrote:
[ all developers should audit their code ]
Sounds lovely, in theory. However, judging by the number of open bugs
in some packages, out of date packages, etc, what makes you think
developers would take this more seriously? What
On Fri, Jan 26, 2001 at 08:04:21AM -0600, Mike Renfro wrote:
On Thu, Jan 25, 2001 at 08:51:07PM +0100, Martin Schulze wrote:
Please don't do that. Security updates should come *only* from
security.debian.org. This was discussed a while, you should be
able to find some blurb about it in
On Sat, Feb 17, 2001 at 06:21:04PM +0100, Carel Fellinger wrote:
On Sat, Feb 17, 2001 at 02:49:03PM +0100, Thor wrote:
...
Speak for cloning a single partition then i suggest a simple
'cp -ax /mount_point_of_original_parition /mount_point_of_target_partiton'
the 'a' stands for archive
On Tue, Mar 06, 2001 at 01:12:46AM +, Tim Haynes wrote:
It's also possible that someone is just exploring.
Then they need educating that scanning such a vast range of ports is an
unacceptable definition of `exploring'.
Well, that's your opinion. I don't know that I agree ...
On Thu, Apr 05, 2001 at 01:31:31PM -0500, Lindsey Simon wrote:
I've been wondering why I get so many probes on port 53, what's the popular exploit
on it?
Myriad bugs in bind.
--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan
On Fri, Apr 06, 2001 at 03:07:42PM -0400, Damian M Gryski wrote:
On Fri, 06 Apr 2001, Steve Greenland wrote:
On 06-Apr-01, 11:41 (CDT), Damian M Gryski [EMAIL PROTECTED] wrote:
So, this for me pretty much nails it that something is borked with the
sysklogd cron.weekly script.
On Sun, Apr 22, 2001 at 11:02:21AM +0300, Martin Fluch wrote:
Hmm, this could be due to some bug in a bash/sh script, when somebody
wanted to redirect something to the stdin (fd=0) and wrote " 0" instead
of "0"...
Could be, except stdin is fd 1, not 0 (this is true in at least bash
and ash.)
On Sun, Apr 22, 2001 at 11:03:50AM -0400, Jacob Kuntz wrote:
from the secret journal of Nathan E Norman ([EMAIL PROTECTED]):
Could be, except stdin is fd 1, not 0 (this is true in at least bash
and ash.)
From bash(1):
/dev/stdin
File descriptor 0 is duplicated
On Wed, May 23, 2001 at 05:18:04PM +0200, Simon Huggins wrote:
On Tue, May 22, 2001 at 08:37:26PM +0100, Dave Smith wrote:
(Please do not CC me on mail sent to this list; I subscribe to and
read every list I post to.)
But do you read every post of every list you post to?
(sorry it was
On Fri, Jul 06, 2001 at 03:24:56PM -0800, Ethan Benson wrote:
On Fri, Jul 06, 2001 at 09:43:55AM -0500, Nathan E Norman wrote:
OTOH if you restrict the user to a list of commands in /etc/sudoers,
it's wise to consider whether the user might be able to leverage one of
those commands
On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote:
On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote:
You really can not blame people for not hiring
expensive unix sysadmins and letting some semi competent windows user run
the NT network.
oh? and whyever not? its
On Sat, Jul 21, 2001 at 09:28:35PM -0700, Jacob Meuser wrote:
PS We don't give guns to children, do we?
What the hell does this have to do with running services on a freaking
computer connected to the Internet? You are beginning to sound like a
troll.
HINT: It's difficult to kill someone with
On Sun, Jul 22, 2001 at 12:01:55AM -0700, Jacob Meuser wrote:
Well, someone has decided to attack me for using an analogy, so I will
refrain from saying how this doesn't go with what I'm saying.
Oh, grow up. I did not attack you, I questioned the wisdom of
comparing running services on a
On Thu, Aug 09, 2001 at 06:05:38PM +0200, Viljo Marrandi wrote:
Hello,
I'm not sure this is a security issue, but it could be exploitable...
From time to time one of my nic's just dies and in /var/log/messages i
have stuff like this:
Aug 9 16:08:59 server kernel: eth1: Oversized
On Thu, Aug 09, 2001 at 03:51:14PM -0500, Rob VanFleet wrote:
On Thu, Aug 09, 2001 at 05:26:50PM +0200, Christian Kurz wrote:
option pgp_create_traditional. That option might help you very much,
but instead I would suggest that the other MUA's get fixed.
Um, wouldn't that be every other
On Thu, Aug 23, 2001 at 08:18:58AM -1000, Joseph Dane wrote:
Alexander == Alexander List [EMAIL PROTECTED] writes:
Alexander You might also consider the tip posted before to use rsync
Alexander (rsync -e ssh) to transfer entire directory structures,
or, since ssh will read from stdin,
On Mon, Sep 10, 2001 at 01:34:17PM +0100, Ricardo B wrote:
Your theory is nuts! But not enough to be true! (Niels Bohr)
We are all agreed that your theory is crazy. The question which
divides us is whether it is crazy enough to have a chance of being
correct. My own feeling is that it is not
On Mon, Nov 19, 2001 at 01:47:40PM -0800, Petro wrote:
environments and applications to figure out what it takes to make a
system really consistent and usable for you. Even if you pick some
things that aren't quite finished as part of your environment, if they
are part of an active
On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:
On Mon, 19 Nov 2001 21:57:05 -0600
Nathan E Norman Nathan wrote:
On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
But this is hugely off topic, and I'll go no further down this
road.
Could you at least honor my Mail
On Sun, Dec 30, 2001 at 06:49:34PM +0100, Wichert Akkerman wrote:
Previously P Prince wrote:
The easiest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
May
projectmanager/user
if everybody can login into it... why bother ???
- you'd want to know who made the changes ... ( tom, dick, harry )
c ya
alvin
On Sun, 20 Jan 2002, Nathan E Norman wrote:
Hi,
I'm setting up a project for some friends. I want each of them
On Thu, Mar 07, 2002 at 02:42:43PM -0800, Mike Fedyk wrote:
On Thu, Mar 07, 2002 at 10:54:57AM -0800, Xeno Campanoli wrote:
Mike Fedyk wrote:
On Thu, Mar 07, 2002 at 01:11:34PM +0800, Mo Zhen Guang wrote:
as always, security update may be troublesome with testing distribution.
On Fri, Mar 22, 2002 at 03:15:25PM +0100, eim wrote:
mod_ssl pass phrase related question
Hallo Debian folks,
I've installed the Debian package libapache-mod-ssl
on my workstation box in order to learn how to setup
http secure transactions with my
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
dear list,
look, i am really not here to start a flame war and heck no, i don't
want one. please excuse if my behaviour has been leading you onto this
belief (or maybe not). i am simply failing to grasp the arguments laid
out
On Fri, Apr 05, 2002 at 08:28:41AM -0600, Jay Kline wrote:
On Friday 05 April 2002 08:49 am, Juhan Kundla wrote:
How do you do that? I tried the following...
Not remove- but not start. Remove all references to it from the /etc/rc*.d/
directories so that it doesn't start up anymore. If
On Tue, Apr 16, 2002 at 08:11:29PM +0300, Halil Demirezen wrote:
I am planning to write code that will load the users terminal screens to
my screen. And root will surely manage that. Is there anyone to tell me
any link which contains information about this subject.
nnorman@foo:~ $ apt-cache
On Mon, May 27, 2002 at 09:09:46PM -0500, Jor-el wrote:
On Mon, 27 May 2002, Jor-el wrote:
Hi,
Has anyone gotten the remember= ... argument to pam_unix module to
work? This is supposed to check if the new passwd is one of the old
remembered passwords. Every time I change the
On Mon, Jun 03, 2002 at 10:57:46PM +0200, Jacques Lav!gnotte wrote:
On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote:
Are you sure they are open and nmap isn't just returning a false
positive?
Try a #netstat -vatn on the local server and see if those ports really
are open.
On Mon, Dec 02, 2002 at 04:54:34PM +0100, Janßen, Dirk wrote:
I will not be back in the office until 03.12.2002. For urgent business
matters please contact Mr. Igor Spanz
(mailto:removed), Tel. -368.
===
I am absent
On Mon, Dec 02, 2002 at 11:48:23AM -0500, Raymond Wood wrote:
This makes sense to me, so I can accept the Spam I receive
through the debian lists. One thing I'm still unclear about
though is the recent post from someone who requested that people
*not* report Spam received through the debian
On Tue, Mar 11, 2003 at 03:27:20PM +1100, Glenn McGrath wrote:
Your a blind fool.
You're ::= You are
:-)
--
Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED]
Avoid gunfire in the bathroom tonight.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Tue, Mar 11, 2003 at 03:16:49AM +0100, Andreas Kotes wrote:
P.S: something for the lawyers: are there any licenses explicitly
disallowing the use of software in conjunction with war? would it be
debian-compatible?
Of course there are such licenses, and of course they are not DFSG
free ...
On Fri, Mar 21, 2003 at 02:43:47PM -0600, Jeremy Choy wrote:
[ please don't top post ]
The original poster indicated that they were running potato. They should
put the following line in /etc/apt/sources.list:
deb http://security.debian.org/debian-security oldstable/updates main
contrib
On Sun, Mar 30, 2003 at 09:44:05PM +0200, Bernard Lheureux wrote:
On Sunday 30 March 2003 16:03, wrote:
The previous one was a porno site promo, now this one !!!
WHY ISN'T THIS LIST PRIVATE ONLY !!!
[ snip spam ]
Hey spaz;
Please don't quote spam back to the list; it hoses various spam
On Wed, Feb 07, 2001 at 11:26:24AM +1300, Matthew Sherborne wrote:
Who is the list maintainer ?
GBY
On Mon, Mar 05, 2001 at 11:37:17PM +0100, Szabó Dániel wrote:
Hello.
My packet filter ruleset caught somebody port scanning one of our hosts.
He or she tried to scan a very big port range from tcp 1 up to 32000 (think
with nmap), but my packet filter denied his/her queries (the kernel
On Tue, Mar 06, 2001 at 01:12:46AM +, Tim Haynes wrote:
It's also possible that someone is just exploring.
Then they need educating that scanning such a vast range of ports is an
unacceptable definition of `exploring'.
Well, that's your opinion. I don't know that I agree ... presumably
On Sun, Apr 22, 2001 at 11:02:21AM +0300, Martin Fluch wrote:
Hmm, this could be due to some bug in a bash/sh script, when somebody
wanted to redirect something to the stdin (fd=0) and wrote 0 instead
of 0...
Could be, except stdin is fd 1, not 0 (this is true in at least bash
and ash.)
--
On Wed, May 23, 2001 at 05:18:04PM +0200, Simon Huggins wrote:
On Tue, May 22, 2001 at 08:37:26PM +0100, Dave Smith wrote:
(Please do not CC me on mail sent to this list; I subscribe to and
read every list I post to.)
But do you read every post of every list you post to?
(sorry it was too
On Fri, Jul 06, 2001 at 09:29:54AM -0700, Robert L. Yelvington wrote:
admittedly, i am not very familiar with sudo because i have never seen the
practical advantages of making su'ing more of a hassle by having to manage
another set of conf files and keeping track of who's a sudoer and,
On Mon, Sep 10, 2001 at 07:38:10PM +0100, Tim Haynes wrote:
Adam Olsen [EMAIL PROTECTED] writes:
It should be sufficient to do
update-rc.d -f portmap remove
update-rc.d -f lpd remove
update-rc.d -f bind remove
As an aside, I did this with proftpd, but
On Tue, Sep 11, 2001 at 12:52:06AM +0100, Tom Breza wrote:
There's recently been quite a discussion about this here or on
debian-firewall. There are proposals to register somewhere whether you
want an installed service started or not (on a per-service basis). Look
at the archives for
On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
But this is hugely off topic, and I'll go no further down this road.
Could you at least honor my Mail-Followup-To: header?
Thanks,
--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a
Hi,
I'm setting up a project for some friends. I want each of them to
have their own account, but I want the project to be hosted (and run
under) a separate account. Each user should be able to su to the
project account to restart daemons. No user should be able to log in
as the project user.
projectmanager/user
if everybody can login into it... why bother ???
- you'd want to know who made the changes ... ( tom, dick, harry )
c ya
alvin
On Sun, 20 Jan 2002, Nathan E Norman wrote:
Hi,
I'm setting up a project for some friends. I want each of them
On Tue, Apr 16, 2002 at 08:11:29PM +0300, Halil Demirezen wrote:
I am planning to write code that will load the users terminal screens to
my screen. And root will surely manage that. Is there anyone to tell me
any link which contains information about this subject.
[EMAIL PROTECTED]:~ $
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
If you use Iptables and you block spoofed addresses with Iptables,
will that stop the spoofing in their tracks, therefore decreasing the
chance of a DOS?
No. For example, let's say someone manages to spoof mailout.aol.com
On Mon, Dec 02, 2002 at 03:21:28PM +0100, IT - Sven Mueller wrote:
However, I am not really able to tell why this kind of users is allowed to
post here. A pointer to a previous discussion would be enough for me, but I
couldn't find one in the archives (maybe I'm using the wrong keywords in
On Wed, May 14, 2003 at 03:33:36PM +0100, Michael Parkinson wrote:
Dear All,
Currently implementing a number of modifications to our internal security
policies and one addition I am attempting to add is the full logging of user
activity.
I cannot find any simple way of achieving this
On Wed, May 14, 2003 at 06:26:16PM +0100, Michael Parkinson wrote:
[ I wrote ]
On Wed, May 14, 2003 at 03:33:36PM +0100, Michael Parkinson wrote:
Dear All,
Currently implementing a number of modifications to our internal security
policies and one addition I am attempting to add is
79 matches