Hi George,
Cool - I will start playing with this as soon as I get some spare time.
:-)
As for ipchains and ipfwadm - bugger it. If we are going to make the
leap to a 2.4.x kernel, then I say we should also make the leap to a
true iptables stateful firewall configuration too.
I'm definitely int
> -Original Message-
> From: Steven Peck [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 19, 2001 11:11 PM
> To: '[EMAIL PROTECTED] '
> Subject: [Leaf-devel] 2.4 iptables exploit
>
>
> http://www.tempest.com.br/advisories/01-2001.html
> indicates a 2.4 kernel iptables exploit involv
> Okay gang, got the FTP security patch from the Netfilter boys and applied
> it. Kernel is compiled and I'm about to tar and gzip it. I also took the
> opportunity to go weeding.
>
> The final result is as follows:
>
> 1. Kernel is no longer able to mount filesystem images on the loopback
>de
Mike Noyes wrote:
>
> David Douthitt, 2001-04-19 16:51 -0500
> >The CDROM ISO contains the basic tree I would probably use, contained
> >within src/base the rest of the src directory would be packages.
> Did you ever get feedback on the "Source code + diffs for CVS"?
Not that I remember. T
George Metz wrote:
> The final result is as follows:
>
> 1. Kernel is no longer able to mount filesystem images on the loopback
>device.
This is something that Oxygen takes advantage of quite a bit; it's not
required, but even in the boot process it can be used as desired.
Oxygen has the a
Everyone,
I knew something strange was going on yesterday morning. Here is the
explanation. Let me know if you made any modifications to our site during
this hour.
~ Posted By: bigdisk
~ Date: 2001-04-19 08:55
~ Summary:SourceForge Database Restored
~
~ At about 6:00am PST this morning, the Sou
Eric Wolzak wrote:
> I need for a weblet a function that first check if teststring is already
> inserted in a file, if not it will be inserted. This to prevent that
> reloading will cause repeated insertions.
Something like this?
grep -q "$PAT" && sed '1i\
'$PAT'
'
This should work with a vali
Mike Noyes wrote:
> I knew something strange was going on yesterday morning. Here is the
> explanation. Let me know if you made any modifications to our site during
> this hour.
Don't think I did...
> ~ At about 6:00am PST this morning, the SourceForge
> ~ postgres database was corrupted and lo
I would definitely put serial back in for those of us who use serial
console. Everything else looks like a good idea.
--
Jack Coates
Monkeynoodle: It's what's for dinner!
On Fri, 20 Apr 2001, George Metz wrote:
> Okay gang, got the FTP security patch from the Netfilter boys and applied
> it. K
Charles Steinkuehler, 2001-04-20 08:45 -0500
>It'd be interesting to see how much each option affected size, but
>overall a 411K 2.4 kernel is VERY COOL, and should be quite usable for
>floppy firewalls. While I'd like to see a 'one size fits all' kernel,
>perhaps there could be a floppy only, mi
David Douthitt, 2001-04-20 09:21 -0500
>Mike Noyes wrote:
> > ~ At about 6:00am PST this morning, the SourceForge
> > ~ postgres database was corrupted and lost. We were
> > ~ able to restore from our 5AM dump, so minimal data
> > ~ loss occurred.
>
>That would be 9:00am CDT? Or did they forget t
Mike Noyes wrote:
> Third, does anyone have suggestions for the tree structure?
Didn't we already hash that out?
I like separate directories or CVS trees for each of the significant
distributions (base). Packages should probably be separate the
only interesting complication is that some sy
David Douthitt, 2001-04-20 10:22 -0500
> > How close are you to committing the Oxygen devel tree to CVS?
>
>The CDROM contains a direct image of the Oxygen development source
>tree, along with the packages. Everything in src/base is either a
>binary in the system or a package on the boot disk. E
patch for the exploit and a very good explanation.
>
> As long as you trust your internal users(!!?) and your ftp server is
> uncompromised, you can ignore this :)
>
should we?
That was a bit of an off hand joke Pedro. Looking at it, I realize that it
was not clear. The hack is ac
Charles Steinkuehler wrote:
> > These are the things I've thought about, and my opinions on them:
> >
> > * Include versions in the package name - not enough name space.
>
> Why not require VFAT support? I don't think it adds too much size to a
> compressed kernel.
Not a bad idea; however, the
David Douthitt, 2001-04-20 11:24 -0500
>I've had it up to here with all the different package formats - and
>none of them satisfy the above requirement. I've HP-UX boxes here
>(Software Depots), Unixware ("Packages"), Red Hat Linux (RPM), and
>until recently Debian (DEB). Makes me want to do wha
On Fri, 20 Apr 2001, Charles Steinkuehler wrote:
> > 1. Kernel is no longer able to mount filesystem images on the loopback
> >device.
>
> This seems like a bad thing, but it is probably tolerable. Why not make the
> loopback device a module? Note that a loopback device or a spare ramdisk
>
On Fri, 20 Apr 2001, David Douthitt wrote:
> George Metz wrote:
>
> > The final result is as follows:
> >
> > 1. Kernel is no longer able to mount filesystem images on the loopback
> >device.
>
> This is something that Oxygen takes advantage of quite a bit; it's not
> required, but even in th
On Fri, 20 Apr 2001, David Douthitt wrote:
> Not a bad idea; however, there are a few things that come to mind:
>
> * How do you create a VFAT diskette under Windows? Some may laugh; I
> for one am not sure how
Beats me. I think it's a simple matter of formatting under Windows. I'll
give it
Can ANYONE see a reason for Network Block Devices to be allowable as
anything other than a module? I can't even get a good idea of what
they're
used for, as it specifically states that you can use NFS/Coda/et al
without it.
--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]
http://ww
On Fri, 20 Apr 2001, Steven Peck wrote:
> http://www2.linuxjournal.com/lj-issues/issue73/3778.html
> This article seems to indicate that NBD is obsoleted, but I am unable to
> determine at a cursory glance if this is the same NBD as the one you are
> talking about.
Either way, it's for remote
On Fri, 20 Apr 2001, George Metz wrote:
> On Fri, 20 Apr 2001, David Douthitt wrote:
>
> > Not a bad idea; however, there are a few things that come to mind:
> >
> > * How do you create a VFAT diskette under Windows? Some may laugh; I
> > for one am not sure how
>
> Beats me. I think it's
Hello David, jeff and all
>
> > I need for a weblet a function that first check if teststring is already
> > inserted in a file, if not it will be inserted. This to prevent that
> > reloading will cause repeated insertions.
>
> Something like this?
>
> grep -q "$PAT" && sed '1i\
> '$PAT'
> '
I
VERY informative, Jeff! Very much appreciate this new information
[EMAIL PROTECTED] wrote:
> vfat is backward-compatible. Microsoft used reserved features in the FAT
> format to implement its features, and included consistency checks with
> fallback to 8.3 behavior in case an older MSDOS sy
Man, I am so swamped. Ladybug needs to be whacked against the new Oxygen
release -- this shouldn't be too big of a deal, since the new Oxygen has
a fair number of the architectural changes I was working on built into
it (only better). So the work at this point is a matter of kernel
customization,
Now if that subject isn't incomprehensible, I don't know what is :-)
Seriously, as I understand it - the LEAF project will have *ONE* CVS
tree, and all of the administration of that CVS will be underneath
it. So those who can post to the Oxygen tree can post to the
EigerStein2Beta tree, and they
David Douthitt, 2001-04-20 16:25 -0500
>I like the long name idea, using VFAT. The only thing is, VFAT adds
>FAT to the kernel (pun intended :-) Just how big is this thing?
Would someone explain to me why we shouldn't use cramfs? I believe it works
with floppies too.
http://www.linuxdevices.c
On Fri, 20 Apr 2001, Mike Noyes wrote:
> David Douthitt, 2001-04-20 16:25 -0500
> >I like the long name idea, using VFAT. The only thing is, VFAT adds
> >FAT to the kernel (pun intended :-) Just how big is this thing?
>
> Would someone explain to me why we shouldn't use cramfs? I believe it wo
David Douthitt, 2001-04-20 17:02 -0500
>Now if that subject isn't incomprehensible, I don't know what is :-)
>
>Seriously, as I understand it - the LEAF project will have *ONE* CVS
>tree, and all of the administration of that CVS will be underneath
>it. So those who can post to the Oxygen tree ca
[EMAIL PROTECTED], 2001-04-20 16:30 -0700
>On Fri, 20 Apr 2001, Mike Noyes wrote:
>
> > David Douthitt, 2001-04-20 16:25 -0500
> > >I like the long name idea, using VFAT. The only thing is, VFAT adds
> > >FAT to the kernel (pun intended :-) Just how big is this thing?
> >
> > Would someone expla
On Fri, 20 Apr 2001, Mike Noyes wrote:
> [EMAIL PROTECTED], 2001-04-20 16:30 -0700
> >On Fri, 20 Apr 2001, Mike Noyes wrote:
> >
> > > David Douthitt, 2001-04-20 16:25 -0500
> > > >I like the long name idea, using VFAT. The only thing is, VFAT adds
> > > >FAT to the kernel (pun intended :-) Jus
[EMAIL PROTECTED], 2001-04-20 17:26 -0700
>On Fri, 20 Apr 2001, Mike Noyes wrote:
> > That doesn't sound good, but how is it different from the backup
> > scripts we use now?
>
>The disk need not be accessed for months at a time in an LRP box.
Jeff,
Understood. Thanks for taking the time to expla
On Fri, 20 Apr 2001, Mike Noyes wrote:
> [EMAIL PROTECTED], 2001-04-20 17:26 -0700
> >On Fri, 20 Apr 2001, Mike Noyes wrote:
> > > I thought this might be a good way to write protect hard drives
> > > and flash disks.
> >
> >Perhaps... or it may actually be _too_ restrictive, since you simply
>
On Fri, 20 Apr 2001, Mike Noyes wrote:
> >Now if that subject isn't incomprehensible, I don't know what is :-)
I'm sure given enough monkeys and typewriters, we can come up with a
better one, but you've got the lead so far David. =)
> I think the benevolent dictator approach is best. Everyone c
Heyaz. Curious for any leads, pointers, suggestions,
patient explanations here.
Here's the situation: given a Linux based NAT'ing
firewall/router in between a modem and a 802.11 access point,
I'd like to support an 802.11 network device that arrives on
the network which is prec
The only way I can see this working is if you:
a) know and define the subnet the fixed addresses will be in
b) don't ever need to get to that subnet on the Internet (or at least
not at the same time as you're using a wireless device).
Better ways: DHCP. It's pretty easy to write a .bat or .sh w
Jack:
Hurm. I know that I can't assure you of "a". In
fact, quite the opposite: I have no idea what people will
be bringing into the wireless LAN.
On the other hand, I can safely assure you of "b".
Can see your point: if I alias the internal interface to
some other subnet's gateway
> Getting back to your CVS comments from yesterday. I agree, we need to
start
> committing files to CVS. There are approximately six people working
> independently on the EigerStein update. Putting these individual pieces
> into CVS will allow all of us to build off of each others efforts.
>
> Fir
> > If so, I
> > think a separate tree for packages is in order. I also, like David's
diff
> > idea for them.
>
> This doesn't necessarily help in this case, though: the distributions
> now present are starting to show direct incompatabilities:
>
> * glibc 2.0.7 vs. glibc 2.1.3 vs. glibc 2.2 (futu
39 matches
Mail list logo
