Security Implications of DKMS?

2012-03-26 Thread David Ehle
Hello, A bit of googling doesn't seem to produce much in the way of results on this topic so I thought I would seek out opinions on the list. Please let me know if I'm making any false assumptions or showing a misunderstanding of the issue: DKMS is becoming the preferred way to do things

unprivileged users may hijack forwarded X connections

2008-04-29 Thread David Ehle
if this has been addressed? Are there any plans to do so? Thanks! -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze

Re: unprivileged users may hijack forwarded X connections

2008-04-29 Thread David Ehle
. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. On Tue, 29 Apr 2008

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread David Ehle
Please take this discussion off list. It has nothing to do with security. Take it to some list that has to do with Debian policy, announcements, the web-page or anyplace else where it might be relevant. Great job Security team. Thanks for all your work. -- David Ehle Computing Systems

Restrict remote access by time?

2007-05-25 Thread David Ehle
, research leads, or input from those who have put together similar projects. Thanks in Advance! David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become

Re: su - and su - what is the real difference?

2006-07-28 Thread David Ehle
. So, I would be interested in hearing what the additional security implications would be. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
their system offline and not put the security line in their sources- as security will require changes at some level. I support introducing new packages when older versions can not be realistically maintained with backported security fixes. -- David Ehle Computing Systems Manager CAPP CSRRI BIOCAT rm 077

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
On Tue, 23 Aug 2005, Matt Zimmerman wrote: On Tue, Aug 23, 2005 at 12:04:17PM -0500, David Ehle wrote: As you can see in the subject, the OP understands the policy, but believes it should be changed. To what? The suggestions that I have seen so far seem to be reiterations

Re: policy change is needed to keep debian secure

2005-08-21 Thread David Ehle
I second this post. Dan, Thank you for saying so clearly. On Sat, 20 Aug 2005, Daniel Sterling wrote: Keeping Debian stable by not changing things is great. Except maybe it's not so great when you're trying to maintain a complicated, buggy, high profile program that handles sensitive user

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
have servers that can be used to build at least two of the architectures. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
Did you realize before this rant that this is already the policy, and has been documented in the Security Team FAQ for several years now? This is not a rant, it's cutting through the horse crap. If what I am suggesting is already policy then why are we having this discussion? Why was there

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
Despite of the fact, that the release is probably unable to match the mozilla release cycles - do you really think, mozilla is the one and only package, debian is all about? Well, I mean the killer application, the thing that justifies Debian? Keep smiling yanosz For my end users, who have

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
Debian is not primarily intended for being used as a desktop system. If you are up to desktop centric usage, you should probably run Ubuntu instead. Keep smiling yanosz I can't disagree with this statement more. We have been using Debian on desktops for at least 6 years. There was no

Re: Kernal Settings

2004-09-07 Thread David Ehle
some very good fonts in it. Please don't respond to this on list, as it is inappropriate for the list. Good luck. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 On Tue, 7 Sep 2004, Snyder, Dave (D.F.) wrote

Re: Help! File permissions keep changing...

2004-02-17 Thread David Ehle
Sounds like you want to change your users umask if you want to change the behavior system wide, or maybe fiddle around with ACLs or set the directory sticky if it is just one part of your file system. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus

Re: Help! File permissions keep changing...

2004-02-17 Thread David Ehle
2) Referring back to your original post, the only user who can change the owner of a file is the owner of that file, with the chown command. Even this is a little complex as a normal user can NOT give away ownership of their files. I guess people were using the ability to avoid quota limits

Re: chkrootkit and linux 2.6

2003-12-02 Thread David Ehle
Right now chkrootkit gets lots of false positives regarding LKMs. There was a pretty thorough discussion just a couple days ago so look through the archive for the details: http://lists.debian.org/debian-security/ So, it's _probably_ a false alarm, but -- David Ehle Computing Systems

Re: authentication in ssh

2003-11-12 Thread David Ehle
I don't know of any way to do it directly from sshd_config, but you can tell SSH to use PAM for auths. PAM might have a way to do that but I've never explored it deeply enough to tell you for sure. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago

Re: authentication in ssh

2003-11-12 Thread David Ehle
for your powerusers. In poweruser config file set AllowUsers/Groups for your power users and DenyUsers for all others. This would mean however that your power users would need to custom configure their ssh clients to talk to your oddball port. Kind of inconvenient... -- David Ehle Computing

[LUNI]/[DEB_SEC]lscan-worm sambal-worm

2003-06-04 Thread David Ehle
find out anymore I will post more. My apologies to those who get this message twice in the Chicago area :( -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60614 [EMAIL PROTECTED] 312-567-3751

[LUNI]/[DEB_SEC]lscan-worm sambal-worm

2003-06-03 Thread David Ehle
find out anymore I will post more. My apologies to those who get this message twice in the Chicago area :( -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60614 [EMAIL PROTECTED] 312-567-3751

Re: HELP, my Debian Server was hacked!

2003-04-24 Thread David Ehle
On Tue, 22 Apr 2003 17:48:23 -0500 (CDT) David Ehle, thus speaking, hissed: nightly apt-get update apt-get upgrade But if it asks human interaction?? How can I do?? I use a cronjob. I'll send it to you privately, if anyone else wants it let me know. David. -- sracatus

Re: HELP, my Debian Server was hacked!

2003-04-22 Thread David Ehle
While the earlier advice is probably the best advice, don't forget to run chkrootkit. I recently had the same thing happen to one of my machines. I've found a kit in /dev/proc/fuckit The total nuking of /log makes this look like a very amateur job. If they were hot they would edit the

Unidentified subject!

2003-03-30 Thread David Ehle
2. Use spamassassin (I use procmail) as spamfilter. You won't see Spam again. (And if you do, you have done something wrong. Really.) On spamassassin, I haven't used it, so this may be a stupid question, but would it be impossible to set it up or an equivalent on the list? That might be a good

Re: Maybe an intruder?

2003-03-29 Thread David Ehle
I don't THINK that is bad news but I wouldn't bet my job on it. download and run chkrootkit and give it a go. Those look rather innocent to me. Did you add any software or do an apt-get upgrade recently? David. -- War on the World? Not in My Name! http://www.notinourname.net/ On 29 Mar

Re: OT: Is it so easy to break into an NIS?

2003-03-19 Thread David Ehle
As I understand it, OpenAFS is IBM software that was opensourced. Coda was a wholly opensource project to implement AFS. Please feel free to correct me if I'm wrong. David. On Wed, 19 Mar 2003, Hanasaki JiJi wrote: What is OpenAFS vs CODA? [EMAIL PROTECTED] wrote: On Wed, Mar 19, 2003

Re: [VERY Offtopic] Politics (was Debian Package Integrity)

2003-03-08 Thread David Ehle
Ok I've resisted this thread for quite a while because it's so off topic... but since nobody is complaining... I'm going to post a fascinating letter from inside the FBI I ran across recently. I haven't done much work checking authenticity but even if it's bogus it makes some great points. This is long

CUPS vulnerabilities (remote root compromise)

2002-12-20 Thread David Ehle
Hello all, Is the Debian package of cups vulnerable to the security issues detailed here?: http://www.idefense.com/advisory/12.19.02.txt It doesn't mention version 1.1.15-4 explicitly, but the vulnerabilities haven't been tested on many different distros yet. If the Debian package is

CUPS vulnerabilities (remote root compromise)

2002-12-19 Thread David Ehle
Hello all, Is the Debian package of cups vulnerable to the security issues detailed here?: http://www.idefense.com/advisory/12.19.02.txt It doesn't mention version 1.1.15-4 explicitly, but the vulnerabilities haven't been tested on many different distros yet. If the Debian package is

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread David Ehle
Is this the same vulnerability exploited by the Linux.Slapper.Worm? http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html The reports openssl 0.9.6d and older are vulnerable, and woody seems to be using 0.9.6.d. Is DSA-126-1 openssl saying that this has been patched

Virus in that message?Re: Your password!

2002-07-16 Thread David Ehle
My mail shield found a virus in that message.

VIRUS: new photos from my party!

2002-01-28 Thread David Ehle
This is probably redundant.. your message had a virus/worm in it. If anyone opened it in OE/Outlook you will want to clean it up so you don't spam anyone else. Thank heaven this is a linux list ;) not many vulnerable targets here

Spam Apology

2002-01-24 Thread David Ehle
To all: Sorry about including the list in reply. David.

Re: [ot] how to create a user that can't log in?

2002-01-20 Thread David Ehle
Nathan, Yes it's possible, but it might not be wise ;) One way to set it up so that the account doesn't have a password but can be accessed is disable its password, but create a ssh public/private key pair and give the users who should have access to it the key so they can use key based

Re: [ot] how to create a user that can't log in?

2002-01-20 Thread David Ehle
LOL, talk about not seeing the forest for the trees... Yeah. Do it the way he says. It's the right way of doing something like that. David. Alvin Oga wrote: hi ya nathan create a group proj add tom, dick, harry to belong to the proj group ( /etc/group ) - those NOT listed in

[Deb-SEC]oddball ssh remote passwd question

2002-01-15 Thread David Ehle
Hello all, This is far from as serious an issue as some of the items on the list right now, but I thought I'd see if anyone has some input. I'm running some synchronized machines, and I only want users to change passwords on the master. So, I thought of writing a script to replace password that

Re: [Deb-SEC]oddball ssh remote passwd question

2002-01-15 Thread David Ehle
Tim, Yep that does it :) Thanks mucho! I knew it was something VERY simple but my brain is just stir-fried today and I couldn't think of it. Thanks again. David. Tim Haynes wrote: David Ehle [EMAIL PROTECTED] writes: Hello all, if you do: ssh [EMAIL PROTECTED] password What

Secure wu-ftpd for Testing?

2001-11-30 Thread David Ehle
Hello all, Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker. Testing is using 2.6.1-5, is that also compromised? I have been watching it all day but haven't seen any updates. If it is not secure has a patched version been made available anywhere? I can't seem to find any

Re: Secure wu-ftpd for Testing?

2001-11-30 Thread David Ehle
that is being tested, if not in testing. I'm very surprised it hasn't been released or mentioned yet myself. Curt- -Original Message- From: David Ehle [mailto:[EMAIL PROTECTED] Sent: Friday, November 30, 2001 14:20 To: debian-security@lists.debian.org Cc: Debian-Security (E-mail) Subject

Secure wu-ftpd for Testing?

2001-11-29 Thread David Ehle
Hello all, Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker. Testing is using 2.6.1-5, is that also compromised? I have been watching it all day but haven't seen any updates. If it is not secure has a patched version been made available anywhere? I can't seem to find any

Re: Secure wu-ftpd for Testing?

2001-11-29 Thread David Ehle
that is being tested, if not in testing. I'm very surprised it hasn't been released or mentioned yet myself. Curt- -Original Message- From: David Ehle [mailto:[EMAIL PROTECTED]] Sent: Friday, November 30, 2001 14:20 To: [EMAIL PROTECTED] Cc: Debian-Security (E-mail) Subject: Secure wu-ftpd

Re: Locking down a guest account - Got Help. THANKS!

2001-08-06 Thread David Ehle
:46:10PM -0500, David Ehle wrote: 1. How to disallow network connections to this guest account? I don't want anyone ssh'ing in, but I still want to be able to remotely administer the machines. man sshd -- DenyUsers This keyword can be followed by a number of user

Re: Locking down a guest account - Got Help. THANKS!

2001-08-06 Thread David Ehle
:46:10PM -0500, David Ehle wrote: 1. How to disallow network connections to this guest account? I don't want anyone ssh'ing in, but I still want to be able to remotely administer the machines. man sshd -- DenyUsers This keyword can be followed by a number of user names

Locking down a guest account - need help.

2001-08-03 Thread David Ehle
Howdy all, Not Debian specific, but this is the best batch of security minds I have access to so I figured I'd see if this interests anyone. I need to set up some Xterminal replacements - linux boxes that will mostly only be running netscape and ssh. They are going to be used for

Re: Locking down a guest account - need help.

2001-08-03 Thread David Ehle
Thanks Andrew, Thanks Jim. I'll layer them on and sleep better tonight ;). Stopping the middle button menu behavior is still causing me to pull my hair out though. Tried changing the behavior of the middle button in the /enlightenment/keybind.cfg file - both global and local version, but it

Re: Exploit - what to do

2001-07-18 Thread David Ehle
Um Wow... I'm afraid I couldn't agree with you less Richard. My suggestion would have to be CONTACT the original author of that version of passwd, and the Debian security evaluators/announcers and let them know as much as possible about the hole so they can evaluate/fix it. Your disgression in

Re: Network File System

2001-07-13 Thread David Ehle
On Fri, 13 Jul 2001, Dan Hutchinson wrote: Hello, Does anyone know of a secure network file system like Active Directories from Microsoft, or Novell NDS that works with UNIX O/S's like Linux, Sun, HP-UX and also with Windows Systems like 95, 98,ME,NT, and 2000. Just curious Dan I know

Re: Security in a shell that starts ssh

2001-06-14 Thread David Ehle
and let me put in some old PPro's w/ barebones linux installs to replace them.) Thanks! David Ehle

Re: strange log entry

2001-05-24 Thread David Ehle
On Thu, 24 May 2001 [EMAIL PROTECTED] wrote: What you have there is someone trying to do a buffer overflow attack on rpc.statd. The idea is that once the buffer is blown, they will get a chance to issue a command as root. In the attack that was attempted on one of the systems I was given to