Re: [SECURITY] [DSA 879-1] New gallery packages fix privilege escalation

postnuke, phpnike, mambo, ... -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- To

Re: Security risks due to packages that are no longer part of Debian?

arch '~U' For current version: aptitude -F '%p# %v# %V# %t#' search '~U' -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 4

Re: restricting process limit

-d' : daemonize > '-m 5': Allow maximum 5 children > > Just checkout: man spamd I would suggest having a look at amavisd-new for running SA. I saw a big performance gain when switching from spamc+spamd to amavisd-new + SA deb http://

Re: restricting process limit

-d' : daemonize > '-m 5': Allow maximum 5 children > > Just checkout: man spamd I would suggest having a look at amavisd-new for running SA. I saw a big performance gain when switching from spamc+spamd to amavisd-new + SA deb http://

Strange bind error

Hi, For the first time I saw those curious errors. I don't understand where is the error, in my bind or in the remote client/server?? Any idea? Apr 21 22:00:50 volubilis named[12517]: socket.c:1100: unexpected error: Apr 21 22:00:50 volubilis named[12517]: internal_send: 203.147.0.49#0: Invalid

Strange bind error

Hi, For the first time I saw those curious errors. I don't understand where is the error, in my bind or in the remote client/server?? Any idea? Apr 21 22:00:50 volubilis named[12517]: socket.c:1100: unexpected error: Apr 21 22:00:50 volubilis named[12517]: internal_send: 203.147.0.49#0: Invalid

Openssh with chroot patch for sarge

Hi, As i saw that some people uses my packages with the chroot patch for woody, and as sarge is going to be stable in a week, a month, a year or so ;-), I just wan't to notice that I now maintain also the "unofficial" ssh package with chroot patch for sarge. (those packages are just the latest s

Openssh with chroot patch for sarge

Hi, As i saw that some people uses my packages with the chroot patch for woody, and as sarge is going to be stable in a week, a month, a year or so ;-), I just wan't to notice that I now maintain also the "unofficial" ssh package with chroot patch for sarge. (those packages are just the latest s

Re: Antivirus for proxy

On Mon, Mar 01, 2004 at 01:24:31PM +0700, Jean Christophe ANDRÉ wrote: > > * Raffaele D'Elia wrote: > > > This antivirus should protect web clients, not the proxy itself: I'm > > > quite sure I've already protected the server choosing debian... > > Le vendredi 27 février 2004 à 12h38 (+0100), Norb

Re: Antivirus for proxy

On Mon, Mar 01, 2004 at 01:24:31PM +0700, Jean Christophe ANDRÉ wrote: > > * Raffaele D'Elia wrote: > > > This antivirus should protect web clients, not the proxy itself: I'm > > > quite sure I've already protected the server choosing debian... > > Le vendredi 27 février 2004 à 12h38 (+0100), Norb

Re: suspicious files in /tmp

t this > L8823-7955TMP.txt.gz file could be? > It's a gzip file of the perl modules available from CPAN... Try "zcat your_file" -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0)

Re: suspicious files in /tmp

t this > L8823-7955TMP.txt.gz file could be? > It's a gzip file of the perl modules available from CPAN... Try "zcat your_file" -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0)

Re: creating password for a shadow file

e this: mkpasswd --hash=md5 --salt=YHxt6uZp monpass and compare it with the stored md5 pass ... if it's the same ... the user is authenticated. the salt is a random string generated at the time you create the "md5" pass. -- Emmanuel Lacour Easter

Re: creating password for a shadow file

e this: mkpasswd --hash=md5 --salt=YHxt6uZp monpass and compare it with the stored md5 pass ... if it's the same ... the user is authenticated. the salt is a random string generated at the time you create the "md5" pass. -- Emmanuel Lacour Easter

Re: OpenSSH

On Wed, Sep 17, 2003 at 12:41:48PM +0200, Lukas Ruf wrote: > > do you also provide the sources of your unofficial distribution? > I just uploaded them (http://debian.home-dn.net/woody/ssh/) apt-get source should work too -- Emmanuel Lacour Ea

Re: OpenSSH

date with last security fix) -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com

Re: OpenSSH

On Wed, Sep 17, 2003 at 12:41:48PM +0200, Lukas Ruf wrote: > > do you also provide the sources of your unofficial distribution? > I just uploaded them (http://debian.home-dn.net/woody/ssh/) apt-get source should work too -- Emmanuel Lacour Ea

Re: OpenSSH

date with last security fix) -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- To U

Re: grsec patch over debian 2.4.20 kernel

ms for kernel-image, according to the changelog..., but it seems to be in kernel-source-2.4.20!!! +kernel-source-2.4.20 (2.4.20-3woody.2) stable; urgency=low + + * Fixed ptrace security hole. -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 P

Re: grsec patch over debian 2.4.20 kernel

t woody. For a 2.4.20 kernel grab sid's > kernel source or the plain vanilla kernel from kernel.org. > you've got a 2.4.20 for woody in the pool, you can get it via: deb http://http.us.debian.org/debian woody-proposed-updates main -- Emmanuel Lacour --

Re: Firewall Logs on Dialup Server

gd. > > man klogd > I typically add "-c 4" in KLOGD (/etc/init.d/klogd) to avoid the iptables logging to console. -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com

Re: H323 Gateways

pport Ouuuppss ;-) AW, it tooks only few minutes to build it... -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com

Re: H323 Gateways

I need to do this also, so I prepared a backport to woody of opengate-proxy, an h323 proxy present in sid. I will test this soon (this week probably). deb http://debian.home-dn.net/woody opengate-proxy/ -- Emmanuel Lacour Easter-eggs 44-46 rue de l

Re: H323 Gateways

pport Ouuuppss ;-) AW, it tooks only few minutes to build it... -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PRO

Re: H323 Gateways

I need to do this also, so I prepared a backport to woody of opengate-proxy, an h323 proxy present in sid. I will test this soon (this week probably). deb http://debian.home-dn.net/woody opengate-proxy/ -- Emmanuel Lacour Easter-eggs 44-46 rue de l

Cross site tracing and apache

Hi, Is there someone having information about this web vulnerability, goals and risks and how to disable it? -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +

Cross site tracing and apache

Hi, Is there someone having information about this web vulnerability, goals and risks and how to disable it? -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +

Re: Telnet forwarding ??

On Thu, Feb 20, 2003 at 11:28:29AM +0100, Stefan Neufeind wrote: > On 20 Feb 2003 at 9:59, Alan James wrote: > > > On Thu, 20 Feb 2003 05:35:01 +, Dale Amon <[EMAIL PROTECTED]> wrote: > > > > >> or maybe a FreeS/WAN implementation for cygwin (is there a native > > >> win implementation?) ...

Re: Telnet forwarding ??

On Thu, Feb 20, 2003 at 11:28:29AM +0100, Stefan Neufeind wrote: > On 20 Feb 2003 at 9:59, Alan James wrote: > > > On Thu, 20 Feb 2003 05:35:01 +, Dale Amon <[EMAIL PROTECTED]> wrote: > > > > >> or maybe a FreeS/WAN implementation for cygwin (is there a native > > >> win implementation?) ...

Re: Apache and backup files

On Wed, Jan 29, 2003 at 07:25:35PM +0100, Christoph Moench-Tegeder wrote: > ## Emmanuel Lacour ([EMAIL PROTECTED]): > > > What about adding in default httpd.conf something like this to protect > > from reading common editors backup files (index.php~ ...) > > What about u

Re: Apache and backup files

On Wed, Jan 29, 2003 at 07:25:35PM +0100, Christoph Moench-Tegeder wrote: > ## Emmanuel Lacour ([EMAIL PROTECTED]): > > > What about adding in default httpd.conf something like this to protect > > from reading common editors backup files (index.php~ ...) > > What about u

Apache and backup files

What about adding in default httpd.conf something like this to protect from reading common editors backup files (index.php~ ...) Order allow,deny Deny from all I think it could avoid fresh debian installs (and fresh admins...) giving us some unwanted web source-code... Waiting for c

Apache and backup files

What about adding in default httpd.conf something like this to protect from reading common editors backup files (index.php~ ...) Order allow,deny Deny from all I think it could avoid fresh debian installs (and fresh admins...) giving us some unwanted web source-code... Waiting for c

Re: Dedicated Firewall + snmpd smux 199/tcp

On Sat, Dec 14, 2002 at 02:27:48PM +0100, Matthias Hentges wrote: > Hello all! > > I'm in the process of setting up a dedicated firewall for my home > network. It only runs four services: smtp, snmp, ssh and fwlogwatch. > > I've run into a problem configuring snmpd to only use a fixed local IP. >

Re: Dedicated Firewall + snmpd smux 199/tcp

On Sat, Dec 14, 2002 at 02:27:48PM +0100, Matthias Hentges wrote: > Hello all! > > I'm in the process of setting up a dedicated firewall for my home > network. It only runs four services: smtp, snmp, ssh and fwlogwatch. > > I've run into a problem configuring snmpd to only use a fixed local IP. >

Re: apache failed

On Mon, Dec 02, 2002 at 02:59:32PM +0100, Mathieu Laurent wrote: > It 's not the error messages when logrotate reload apache config. I have > this problem after a request. > > I have two webserver with the same config. And I can see that the two > servers receive this request and one of them die

Re: apache failed

On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote: > Hi, > > My webserver with apache (+ mod_ssl) failed when I receive a worms attack. > > I see this message in the error log: [error] [client xxx.xxx.xxx.xxx] > client sent HTTP/1.1 request without hostname (see RFC2616 section 14.

Re: apache failed

On Mon, Dec 02, 2002 at 02:59:32PM +0100, Mathieu Laurent wrote: > It 's not the error messages when logrotate reload apache config. I have > this problem after a request. > > I have two webserver with the same config. And I can see that the two > servers receive this request and one of them die

Re: apache failed

On Mon, Dec 02, 2002 at 12:26:12PM +0100, Mathieu Laurent wrote: > Hi, > > My webserver with apache (+ mod_ssl) failed when I receive a worms attack. > > I see this message in the error log: [error] [client xxx.xxx.xxx.xxx] > client sent HTTP/1.1 request without hostname (see RFC2616 section 14.

Re: port 113

On Mon, Dec 02, 2002 at 10:55:28AM +, jjj3 wrote: > > Hi All, > > Logs in my firewall shows me incoming connections to port 113 of the > firewall!! What it means? > start here!! http://groups.google.com/groups?q=port+113&meta=site%3Dgroups -- Easter-eggsSp

Re: port 113

On Mon, Dec 02, 2002 at 10:55:28AM +, jjj3 wrote: > > Hi All, > > Logs in my firewall shows me incoming connections to port 113 of the > firewall!! What it means? > start here!! http://groups.google.com/groups?q=port+113&meta=site%3Dgroups -- Easter-eggsSp

Re: unknown udp port

On Thu, Nov 21, 2002 at 07:26:13PM +0200, Costas Magos wrote: > Hi all, > > Anyone knows what 1025 udp stands for? This is a newly installed woody > on a sparc classic. > > try netstat -lp as root, to show the pid doing this. -- Easter-eggsSpécialiste GNU/Li

Re: unknown udp port

On Thu, Nov 21, 2002 at 07:26:13PM +0200, Costas Magos wrote: > Hi all, > > Anyone knows what 1025 udp stands for? This is a newly installed woody > on a sparc classic. > > try netstat -lp as root, to show the pid doing this. -- Easter-eggsSpécialiste GNU/Li

Re: chrooting apache[ssl,php,perl] and some mta

On Sat, Nov 09, 2002 at 03:48:39AM +0100, Michael Ablassmeier wrote: > On Sat, Nov 09, 2002 at 12:32:40AM -0200, Henrique de Moraes Holschuh wrote: > > > > You could have a proper MTA outside the chroots (like postfix or exim). And > > a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the ch

Re: chrooting apache[ssl,php,perl] and some mta

On Sat, Nov 09, 2002 at 03:48:39AM +0100, Michael Ablassmeier wrote: > On Sat, Nov 09, 2002 at 12:32:40AM -0200, Henrique de Moraes Holschuh wrote: > > > > You could have a proper MTA outside the chroots (like postfix or exim). And > > a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the ch

Re: Chrooted mysqld sock file problem

On Wed, Oct 30, 2002 at 03:24:06PM +0100, Domonkos Czinke wrote: > Hi ppl :) > > My question is related to a chrooted Apache(+php) and Mysql. They live > in two different chrooted environment and the problem is that I have > several php programs which wanna use the mysql, but they can't use it > s

Re: Chrooted mysqld sock file problem

On Wed, Oct 30, 2002 at 03:24:06PM +0100, Domonkos Czinke wrote: > Hi ppl :) > > My question is related to a chrooted Apache(+php) and Mysql. They live > in two different chrooted environment and the problem is that I have > several php programs which wanna use the mysql, but they can't use it > s

Apache 1.3.27 vs 1.3.26 debian

I'm in doubt, the difference between 1.3.26 and 1.3.27 is security bugfix. Is the 1.3.26 debian apache from security containing all of those bugfixes? -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (

Apache 1.3.27 vs 1.3.26 debian

I'm in doubt, the difference between 1.3.26 and 1.3.27 is security bugfix. Is the 1.3.26 debian apache from security containing all of those bugfixes? -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33

Re: no more /sbin in root path... been rooted?

On Thu, Sep 05, 2002 at 03:10:13PM +0700, Indra Kusuma wrote: > On Thu, 5 Sep 2002, David Raulo wrote: > > # > Did you login via SSH ?? > # > > # > # No (I don't have a sshd running). The problem occurs when I log directly on > # console, or when I do "su -" from an xterm. > # Have you got an idea

Re: secure file transfer

On Tue, Jun 04, 2002 at 09:58:55AM -0400, Jon McCain wrote: > > > > Renato Lozano wrote: > > > > Hi All, > > > > I am trying to implement a way of transfering files securely over the snip > > You can remove the sftp-server program to

Re: secure file transfer

On Tue, Jun 04, 2002 at 09:58:55AM -0400, Jon McCain wrote: > > > > Renato Lozano wrote: > > > > Hi All, > > > > I am trying to implement a way of transfering files securely over the snip > > You can remove the sftp-server program t

Out of topic

Is there anyone working in/near Coventry in England who can act as a debian consultant for file server installation/admin. Thx. Reply directly to me ... this is out of list topic -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Pa

Out of topic

Is there anyone working in/near Coventry in England who can act as a debian consultant for file server installation/admin. Thx. Reply directly to me ... this is out of list topic -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 P

Re: cups security (fwd)

Torrin <[EMAIL PROTECTED]> > To: Emmanuel Lacour <[EMAIL PROTECTED]> > Subject: Re: cups security > > Hmmm . . . you forgot, > > apt-get install cupsys-driver-gimpprint > gunzip .gz > cp driver /usr/share/cups/model > > I guess that is only if the proper

Re: cups security (fwd)

Torrin <[EMAIL PROTECTED]> > To: Emmanuel Lacour <[EMAIL PROTECTED]> > Subject: Re: cups security > > Hmmm . . . you forgot, > > apt-get install cupsys-driver-gimpprint > gunzip .gz > cp driver /usr/share/cups/model > > I guess that is only if the proper

Re: cups security

On Thu, Apr 11, 2002 at 09:56:51AM -0500, Torrin wrote: > Good morning everybody, well at least morning over here in Cali. For > everybody else, Good afternoon, good evening and good night. > > I just installed cups and I was wondering if it's possible to have cups > run properly without having p

Re: A question about some network services

On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > > > 'time' is RFC 8

Re: A question about some network services

On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > > > 'time'

Re: A question about some network services

On Tue, Apr 02, 2002 at 11:49:53AM -0700, Will Aoki wrote: > On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote: > > On Tue, Apr 02, 2002 at 07:45:21PM +0200, eim wrote: > > > A question about some network services > > > == > > > > > > Hallo Debian fol

Re: A question about some network services

On Tue, Apr 02, 2002 at 11:49:53AM -0700, Will Aoki wrote: > On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote: > > On Tue, Apr 02, 2002 at 07:45:21PM +0200, eim wrote: > > > A question about some network services > > > == > > > > > > Hallo Debian fo

Re: scp and sftp

On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: > I've been playing around with the scp and sftp components of putty and > noticed what I consider a security hole. Winscp does the same thing. > The user can change to directories above their home. Is there a way to > chroot them like

Re: scp and sftp

On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: > I've been playing around with the scp and sftp components of putty and > noticed what I consider a security hole. Winscp does the same thing. > The user can change to directories above their home. Is there a way to > chroot them like

Re: best way to create pop only accounts

On Mon, Mar 11, 2002 at 04:10:10PM +0100, Alexander Reelsen wrote: > Hiya > > On Mon, Mar 11, 2002 at 03:40:18PM +0100, Javier Fernández-Sanguino Peña > wrote: > > On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote: > > >Which is the best way to create a POP only account? jus

Re: best way to create pop only accounts

On Mon, Mar 11, 2002 at 04:10:10PM +0100, Alexander Reelsen wrote: > Hiya > > On Mon, Mar 11, 2002 at 03:40:18PM +0100, Javier Fernández-Sanguino Peña wrote: > > On Mon, Mar 11, 2002 at 09:21:45AM -0300, Pedro Zorzenon Neto wrote: > > >Which is the best way to create a POP only account? just

Re: how to create MD5 passwords

On Thu, Jan 24, 2002 at 08:56:56AM +0100, Rainer Sigl wrote: > Hi everyone, > please can me tell somebody how to make MD5 passwords in order > to supply it to ftppasswd file? > mkpasswd -H md5 mon_password mkpasswd --version GNU mkpasswd 4.5.16 -- Easter-eggsSp

Re: how to create MD5 passwords

On Thu, Jan 24, 2002 at 08:56:56AM +0100, Rainer Sigl wrote: > Hi everyone, > please can me tell somebody how to make MD5 passwords in order > to supply it to ftppasswd file? > mkpasswd -H md5 mon_password mkpasswd --version GNU mkpasswd 4.5.16 -- Easter-eggsS

libpam-mysql, libnss-mysql config files rights

Hi, I'm just testing mysql authentication with pam and libnss and I saw that all files in /etc/pam.d/ are 0644 mode. But with libpam-mysql I have to put in /etc/pam.d/qpopper (for example) login and password of the user who can show paswords in my database So who can tell me one thing which e

libpam-mysql, libnss-mysql config files rights

Hi, I'm just testing mysql authentication with pam and libnss and I saw that all files in /etc/pam.d/ are 0644 mode. But with libpam-mysql I have to put in /etc/pam.d/qpopper (for example) login and password of the user who can show paswords in my database So who can tell me one thing which

Re: Mailserver HDD organization

On Thu, Jan 17, 2002 at 09:16:05AM -0800, J C Lawrence wrote: > On 17 Jan 2002 07:06:37 +0100 > eim <[EMAIL PROTECTED]> wrote: > > > I was thinking about a partition for /, one for boot, one for > > /var/spool/mail and some other important system parts. > > MTAs are inherently disk IO bound. A

Re: Mailserver HDD organization

On Thu, Jan 17, 2002 at 09:16:05AM -0800, J C Lawrence wrote: > On 17 Jan 2002 07:06:37 +0100 > eim <[EMAIL PROTECTED]> wrote: > > > I was thinking about a partition for /, one for boot, one for > > /var/spool/mail and some other important system parts. > > MTAs are inherently disk IO bound.

Re: your mail

On Mon, Nov 12, 2001 at 10:46:13AM +0100, Beno?t MARTINET wrote: > Hi, > > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed > to login > using root and users' passwords. Password authentication failed all the time > and it > prompted "Permission Denied" on the command l

Re: your mail

On Mon, Nov 12, 2001 at 10:46:13AM +0100, Beno?t MARTINET wrote: > Hi, > > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed > to login > using root and users' passwords. Password authentication failed all the time > and it > prompted "Permission Denied" on the command

Re: Debconf and noexec on /tmp

Ok, thanks for all the comments, I remember have been seen that we could run a program in a noexec partition like you said. So I will continue without noexec (and do more stuff on more usefull security tricks). Just one question: What's the use of noexec flag??? -- Easter-eggs

Debconf and noexec on /tmp

Hi, I've got an ix86 with woody installed today, made a separate partition for /tmp and mounted it noexec (I thinks it's a good Idea...). When apt-get installing ntpdate, I got the folowing error: Can't exec "/tmp/config.4271": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159 ...

Re: Debconf and noexec on /tmp

Ok, thanks for all the comments, I remember have been seen that we could run a program in a noexec partition like you said. So I will continue without noexec (and do more stuff on more usefull security tricks). Just one question: What's the use of noexec flag??? -- Easter-eggs

Debconf and noexec on /tmp

Hi, I've got an ix86 with woody installed today, made a separate partition for /tmp and mounted it noexec (I thinks it's a good Idea...). When apt-get installing ntpdate, I got the folowing error: Can't exec "/tmp/config.4271": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159 ..

Re: [off-topic?] Chrooting ssh/telnet users?

On Mon, Oct 29, 2001 at 01:51:48PM +0100, Christian Kurz wrote: > On 29/10/01, Emmanuel Lacour wrote: > > On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote: > > What about a package ssh-chroot in debian? I think the pam module is > > more interesting as it c

Re: [off-topic?] Chrooting ssh/telnet users?

On Mon, Oct 29, 2001 at 01:51:48PM +0100, Christian Kurz wrote: > On 29/10/01, Emmanuel Lacour wrote: > > On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote: > > What about a package ssh-chroot in debian? I think the pam module is > > more interesting as it c

Re: [off-topic?] Chrooting ssh/telnet users?

On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote: > There is a chroot patch for the potato openssh-1.2.3 source in /contrib > however it appears to be broken. > > I have created a modified diff for the Debian package source which will > apply the patch correctly and build an ssh_1.2.

Re: [off-topic?] Chrooting ssh/telnet users?

On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote: > There is a chroot patch for the potato openssh-1.2.3 source in /contrib > however it appears to be broken. > > I have created a modified diff for the Debian package source which will > apply the patch correctly and build an ssh_1.2

Re: Connection problem

On Tue, Oct 23, 2001 at 12:09:36PM +0200, Emmanuel Lacour wrote: > Hi, > > It's maybe a little bit off topic, but I think someone in this list can > help me: > > I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading > and other rules over

Re: Connection problem

On Tue, Oct 23, 2001 at 12:09:36PM +0200, Emmanuel Lacour wrote: > Hi, > > It's maybe a little bit off topic, but I think someone in this list can > help me: > > I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading > and other rules over

Connection problem

Hi, It's maybe a little bit off topic, but I think someone in this list can help me: I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading and other rules over an adsl pppoe line. All worked perfectly but since two weeks ( without doing any changes ) I'm unable to go to certain

Connection problem

Hi, It's maybe a little bit off topic, but I think someone in this list can help me: I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading and other rules over an adsl pppoe line. All worked perfectly but since two weeks ( without doing any changes ) I'm unable to go to certai

Re: password expire and sshd doesn't allow ppl to change it

On Sat, 22 Sep 2001 03:33:31 -0800 Ethan Benson <[EMAIL PROTECTED]> wrote: > On Sat, Sep 22, 2001 at 10:30:53AM +0200, Luca Gibelli wrote: > > > > > > I created a new account for testing purposes and put the following limits on > > its password age: > > known bug in potato's ssh, password expir

Re: password expire and sshd doesn't allow ppl to change it

On Sat, 22 Sep 2001 03:33:31 -0800 Ethan Benson <[EMAIL PROTECTED]> wrote: > On Sat, Sep 22, 2001 at 10:30:53AM +0200, Luca Gibelli wrote: > > > > > > I created a new account for testing purposes and put the following limits on > > its password age: > > known bug in potato's ssh, password expi

Re: Running root commands by http (END)

On Thu, 23 Aug 2001 11:09:59 -0500 " Paul C. Nendick " <[EMAIL PROTECTED]> wrote: > The reason the web based solution to this is not forthcoming is > that this is not a web problem. The real solution is to hire > trustworthy admins capable of learning the right way to admin > their systems. I

Re: Running root commands by http (END)

On Thu, 23 Aug 2001 11:09:59 -0500 " Paul C. Nendick " <[EMAIL PROTECTED]> wrote: > The reason the web based solution to this is not forthcoming is > that this is not a web problem. The real solution is to hire > trustworthy admins capable of learning the right way to admin > their systems.

Re: Running root commands by http

On Thu, 23 Aug 2001 15:21:23 +0100 "Karl E. Jorgensen" <[EMAIL PROTECTED]> wrote: > Sounds like you're getting into doing "normal" remote admin of a box. > But why over HTTP ? If you have network connectivity to it, ssh should > do the job (ssh in as yourself and su/sudo to root?). > > If you ca

Re: Running root commands by http

On Thu, 23 Aug 2001 15:21:32 +0200 Jean Baptiste Lallement <[EMAIL PROTECTED]> wrote: > Hi, > > U could use sudo ? > > Excerpt from http://www.courtesan.com/sudo/ > --- > Sudo (superuser do) allows a system administrator to give certain > users (or groups of users) the ability to run some (or a

Re: Running root commands by http

On Thu, 23 Aug 2001 09:46:52 -0400 (EDT) Eric LeBlanc <[EMAIL PROTECTED]> wrote: > Do u know webmin? > > http://webadmin.sourceforge.net/webmin/ Of course, but I think it's not necessary to use an as big program for this purpose. -- Easter-eggsSpécialiste GN

Running root commands by http

Hi, I wan't to get some opinions on doing this: Making someone to be able to create unix users by an http method (from an http browser). Making someone to be able to restart a daemon under the identity of root from http. I think about some methods: Running a cgi or system()

Re: Running root commands by http

On Thu, 23 Aug 2001 15:21:23 +0100 "Karl E. Jorgensen" <[EMAIL PROTECTED]> wrote: > Sounds like you're getting into doing "normal" remote admin of a box. > But why over HTTP ? If you have network connectivity to it, ssh should > do the job (ssh in as yourself and su/sudo to root?). > > If you c

Re: Ssh + chroot

On Thu, 23 Aug 2001 13:26:45 +0200 Michael Wood <[EMAIL PROTECTED]> wrote: > I haven't been following the thread. Do you get the message as > soon as you run sshd or just when someone tries to log in? > I get the message when I try to do an scp from local to the chrooted host(as it must run s

Re: Running root commands by http

On Thu, 23 Aug 2001 15:21:32 +0200 Jean Baptiste Lallement <[EMAIL PROTECTED]> wrote: > Hi, > > U could use sudo ? > > Excerpt from http://www.courtesan.com/sudo/ > --- > Sudo (superuser do) allows a system administrator to give certain > users (or groups of users) the ability to run some (or

Re: Running root commands by http

On Thu, 23 Aug 2001 09:46:52 -0400 (EDT) Eric LeBlanc <[EMAIL PROTECTED]> wrote: > Do u know webmin? > > http://webadmin.sourceforge.net/webmin/ Of course, but I think it's not necessary to use an as big program for this purpose. -- Easter-eggsSpécialiste GN

Re: Ssh + chroot

On Thu, 23 Aug 2001 11:19:58 +0100 Nick Phillips <[EMAIL PROTECTED]> wrote: > > Anyone having an Idea? > > Can't see that you got a response to this... you probably need the PAM > stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf > or other stuff in pam.d). > > Cheers

Running root commands by http

Hi, I wan't to get some opinions on doing this: Making someone to be able to create unix users by an http method (from an http browser). Making someone to be able to restart a daemon under the identity of root from http. I think about some methods: Running a cgi or system()

Re: Ssh + chroot

On Thu, 23 Aug 2001 13:26:45 +0200 Michael Wood <[EMAIL PROTECTED]> wrote: > I haven't been following the thread. Do you get the message as > soon as you run sshd or just when someone tries to log in? > I get the message when I try to do an scp from local to the chrooted host(as it must run

  1   2   >