Re: basically security of linux

2009-01-18 Thread Sune Vuorela
On 2009-01-16, Boyd Stephen Smith Jr. b...@iguanasuicide.net wrote: --nextPart7126651.dTOK38xoNi Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 2009 January 16 04:13:10 Michael Loftis wrote: --On January 16,

basically security of linux

2009-01-16 Thread Andreas Matthus
Hallo, I manage a lot of debian servers and try to install often the updates. So I had in mind my systems are well prepaired. (I follow also other security rules ;-) ) But since some days I mull over a question: What happens if a user run a selfcopy from a program with a security hole? I'm

Re: basically security of linux

2009-01-16 Thread Michael Loftis
--On January 16, 2009 10:31:35 AM +0100 Andreas Matthus andreas.matt...@tu-dresden.de wrote: Hallo, I manage a lot of debian servers and try to install often the updates. So I had in mind my systems are well prepaired. (I follow also other security rules ;-) ) But since some days I mull

Re: basically security of linux

2009-01-16 Thread Sébastien Le Ray
Le Fri, 16 Jan 2009 10:31:35 +0100, Andreas Matthus andreas.matt...@tu-dresden.de a écrit : Hallo, I manage a lot of debian servers and try to install often the updates. So I had in mind my systems are well prepaired. (I follow also other security rules ;-) ) But since some days I mull

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 04:13:10 Michael Loftis wrote: --On January 16, 2009 10:31:35 AM +0100 Andreas Matthus andreas.matt...@tu-dresden.de wrote: But since some days I mull over a question: What happens if a user run a selfcopy from a program with a security hole? I'm afraid he can get

Re: basically security of linux

2009-01-16 Thread Johannes Wiedersich
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running the old binary to exploit the hole? IIRC, a hard link is the same file called two

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 12:29:13 Johannes Wiedersich wrote: Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running the old binary to exploit the hole? IIRC, a hard link is the same file

Re: basically security of linux

2009-01-16 Thread Michael Loftis
--On January 16, 2009 7:29:13 PM +0100 Johannes Wiedersich johan...@physik.blm.tu-muenchen.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be

Re: basically security of linux

2009-01-16 Thread Francois Bottin
Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running the old binary to exploit the hole? Does dpkg handle suid/sgid files so that this is prevented? Hi, Having /home, /tmp,

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 14:45:44 Michael Loftis wrote: --On January 16, 2009 7:29:13 PM +0100 Johannes Wiedersich johan...@physik.blm.tu-muenchen.de wrote: Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be

Re: basically security of linux

2009-01-16 Thread Repasi Tibor
Boyd Stephen Smith Jr. wrote: Did you mean this to go to the list? I've replied directly to you, but feel free to repost my mail or part thereof to the list if you believe the discussion could continue there. Sorry, my fault. On Friday 2009 January 16 13:03:53 you wrote: Boyd Stephen

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 15:49:46 Repasi Tibor wrote: Boyd Stephen Smith Jr. wrote: On Friday 2009 January 16 13:03:53 you wrote: Boyd Stephen Smith Jr. wrote: What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running

Re: basically security of linux

2009-01-16 Thread Mike Dornberger
Hi, On Fri, Jan 16, 2009 at 03:13:10PM -0600, Boyd Stephen Smith Jr. wrote: On Friday 2009 January 16 14:45:44 Michael Loftis wrote: [hardlinking (suid binaries in hope a vulnerability will be found)] you can't do it across drives, Right, but the default partitioning puts /sbin /usr/sbin

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 16 January 2009, Mike Dornberger mike.dornber...@gmx.de wrote about 'Re: basically security of linux': Hi, just an addition: Often I've seen /home as a separate mount (mounted nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which can't be tmpfs, because it's purpose

Re: basically security of linux

2009-01-16 Thread Bernd Eckenfels
In article 20090117002104.ga...@wolfden.dnsalias.net you wrote: /tmp as tmpfs, but then we have /var/tmp (which can't be tmpfs, because it's purpose is to retain the files even across reboots). It is just supposed to hold larger data. No persistence in /var/tmp over reboots required. I

Re: basically security of linux

2009-01-16 Thread Russ Allbery
Bernd Eckenfels e...@lina.inka.de writes: In article 20090117002104.ga...@wolfden.dnsalias.net you wrote: /tmp as tmpfs, but then we have /var/tmp (which can't be tmpfs, because it's purpose is to retain the files even across reboots). It is just supposed to hold larger data. No persistence