Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-19 Thread Alex Schuster
Volker Armin Hemmann writes: > On Wednesday 17 September 2008, kashani wrote: > > Vaeth wrote: > > >> Could you please use a mail client which inserts correctly the > > >> fields "In-Reply-To" and "Reference" ? > > > > > > Thanks for the hint, I was not aware of this. But unfortunately, it > > > app

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-18 Thread Matthias Bethke
Hi Vaeth, on Wed, Sep 17, 2008 at 10:40:47AM +0200, you wrote: > > > Alan Cox: "chroot is not and never has been a security tool", see e.g. > > > http://kerneltrap.org/Linux/Abusing_chroot > > > > No disrespect to Mr. Cox but a silly argument stays a silly argument > > even if brought forward by A

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-18 Thread Heiko Wundram
On Thursday 18 September 2008 12:34:17, Matthias Bethke wrote: > Hi Vaeth, > > on Wed, Sep 17, 2008 at 09:49:08AM +0200, you wrote: > > > [...] that in any halfway sane router these NAT problems are not an > > > issue. And with many routers running Linux today so you can even get a > > > shell and

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-18 Thread Matthias Bethke
Hi Vaeth, on Wed, Sep 17, 2008 at 09:49:08AM +0200, you wrote: > > [...] that in any halfway sane router these NAT problems are not an > > issue. And with many routers running Linux today so you can even get a > > shell and check iptables... :) > > We are obviously talking about a different price

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread Volker Armin Hemmann
On Wednesday 17 September 2008, kashani wrote: > Vaeth wrote: > >> Could you please use a mail client which inserts correctly the fields > >> "In-Reply-To" and "Reference" ? > > > > Thanks for the hint, I was not aware of this. But unfortunately, it > > appears that it is not just a question of the

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread kashani
Vaeth wrote: Could you please use a mail client which inserts correctly the fields "In-Reply-To" and "Reference" ? Thanks for the hint, I was not aware of this. But unfortunately, it appears that it is not just a question of the mail client: I am subscribed to the list as post-only (for several r

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread Vaeth
> Could you please use a mail client which inserts correctly the fields > "In-Reply-To" and "Reference" ? Thanks for the hint, I was not aware of this. But unfortunately, it appears that it is not just a question of the mail client: I am subscribed to the list as post-only (for several reasons whic

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread Nicolas Sebrecht
Could you please use a mail client which inserts correctly the fields "In-Reply-To" and "Reference" ? -- Nicolas Sebrecht

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread Vaeth
Matthias Bethke wrote: > > > I'd say the vast majority of chroot jails are there for nothing > > > else but security. > > > > Alan Cox: "chroot is not and never has been a security tool", see e.g. > > http://kerneltrap.org/Linux/Abusing_chroot > > No disrespect to Mr. Cox but a silly argument s

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-17 Thread Vaeth
On Tue, 16 Sep 2008, Matthias Bethke wrote: > [...] that in any halfway sane router these NAT problems are not an > issue. And with many routers running Linux today so you can even get a > shell and check iptables... :) We are obviously talking about a different price category of routers. Most r

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Matthias Bethke
Hi Vaeth, on Tue, Sep 16, 2008 at 08:36:28PM +0200, you wrote: > > > Also a chroot jail is not a security feature: There are several > > > ways known how to break out. > > > > [...] But there's only one reason I can see why you'd use a > > chroot environment *except* for security and that's to hav

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Matthias Bethke
Hi Vaeth, on Tue, Sep 16, 2008 at 07:54:43PM +0200, you wrote: > > I don't even see why you'd strictly need connection tracking to avoid > > attacks made possible by grossly misconfigured ISP routers. Your router > > knows that packets with a destination address of 10/8, 192.168/16 and > > the like

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Alan McKinnon
On Tuesday 16 September 2008 19:29:21 Matthias Bethke wrote: > I'd say the vast majority of > chroot jails are there for nothing else but security. Replace "security" with "warm fuzzy feeling of apparent security that actually doesn't exist" and you're close to the mark. The sole positive of usin

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Vaeth
Matthias Bethke wrote: > Hi Vaeth, [...] > > > > Also a chroot jail is not a security feature: There are several > > ways known how to break out. > > [...] But there's only one reason I can see why you'd use a > chroot environment *except* for security and that's to have more than > one set of

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Vaeth
On Tue, 16 Sep 2008, Matthias Bethke wrote: > I don't even see why you'd strictly need connection tracking to avoid > attacks made possible by grossly misconfigured ISP routers. Your router > knows that packets with a destination address of 10/8, 192.168/16 and > the like have absolutely no busin

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Matthias Bethke
Hi Vaeth, on Tue, Sep 16, 2008 at 07:14:48PM +0200, you wrote: > > In addition, the default rsyncd configuration with Gentoo uses a chroot > > jail. > > Also a chroot jail is not a security feature: There are several ways known > how to break out. Huh? In the case of NAT it's reasonable to say it

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Matthias Bethke
Hi Neil, on Tue, Sep 16, 2008 at 04:59:39PM +0100, you wrote: > > Except that this is not completely true: See some of the many articles > > in the net which explain why NAT is not a security feature. A quick > > google search gave e.g. > > http://www.nexusuk.org/articles/2005/03/12/nat_security/ >

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Vaeth
Neil Bothwick wrote: > On Tue, 16 Sep 2008 17:29:16 +0200 (CEST), Vaeth wrote: > > > > If you are using NAT on the router, you have to explicitly forward > > > that port somewhere for it to work. [...] > > > > Except that this is not completely true [...] > > "So the router maintains a databa

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Neil Bothwick
On Tue, 16 Sep 2008 17:29:16 +0200 (CEST), Vaeth wrote: > > If you are using NAT on the router, you have to explicitly forward > > that port somewhere for it to work. [...] > > Except that this is not completely true: See some of the many articles > in the net which explain why NAT is not a sec

Re: [gentoo-user] Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror

2008-09-16 Thread Vaeth
On Tue, 16 Sep 2008, Neil Bothwick wrote: > On Tue, 16 Sep 2008 13:49:36 +0200 (CEST), Vaeth wrote: > > > It is always better to have a port not open than to rely on a router > > to "close" it apparently. > > If you are using NAT on the router, you have to explicitly forward that > port somewher