From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Thu, 13 Oct 94 15:14:12 EDT Subject: Linux-Admin Digest #188 Linux-Admin Digest #188, Volume #2 Thu, 13 Oct 94 15:14:12 EDT Contents: Re: Mystery Chip...AMD (Marten Liebster) Re: Telnet & ftp freeze! (Trevor Lampre) Re: Please don't post security holess... (Matthew Donadio) Re: fsck during boot: already mounted (Harvey J. Stein) Re: New Adeptec SCSI not detected (Mark A. Horton KA4YBR) Accidentally 'bash' file permissions are made 000. Thus I am unable to (N B Venkateswarlu) Re: Please don't post security holess... (Matthew Dharm) Re: Extreme delays telnetting into linux box (David - Morris) Re: Has anyone gotten ftape to work? (Another Totoro) Re: Ftape works...Not yet (Another Totoro) Re: Security hole - has noone noticed so far? (Eberhard Moenkeberg) Re: Xfig (DAVID L. JOHNSON) Re: Security hole - has noone noticed so far? (Matthew Donadio) Re: Ethernet NE2000 clone installation problem (Donald Becker) Re: Security hole - has noone noticed so far? (Ralph Sims) Re: Security hole - has noone noticed so far? (Ralph Sims) ---------------------------------------------------------------------------- From: mmarten@panix.com (Marten Liebster) Crossposted-To: comp.sys.ibm.pc.hardware.systems,comp.os.linux.misc Subject: Re: Mystery Chip...AMD Date: 13 Oct 1994 12:22:57 -0400 Gregory Urban (urban@cs.umbc.edu) wrote: : In article <37jjnd$9m6@panix2.panix.com>, : Marten Liebster wrote: : > : >So when is AMD comming out with a 486dx4-120? :-) : > : >Marten : NO, NO, NO !!!!!!!!!! : Only Intel uses STUPID names for their chips. AMD will produce a DX3/120 : (clock tripled, 40mhz external, 120mhz internal). Isn't a DX3 an IBM chip? If AMD used dx3 it would seem that they were cloning an IBM chip rather than the real Chip. I thought that dx3s are used in the blue lightning system? I am probably way off, but that is not anything new :) Marten -- ======================================== Marten M. Liebster Please no flames for spelling, mmarten@panix.com I already know I can't spell!! ------------------------------ From: trevor@xanax.apana.org.au (Trevor Lampre) Crossposted-To: comp.os.linux.help,comp.os.linux.misc,comp.os.linux.development Subject: Re: Telnet & ftp freeze! Date: 11 Oct 1994 16:45:31 +0930 In article <3714bd$1bn7@tornews.torolab.ibm.com>, Colin Beckmann wrote: >Ralph Sims (ralphs@halcyon.halcyon.com) wrote: >: root@jaguar.tigerden.com (System Administrator) writes: > >: >Trevor Lampre (trevor@xanax.apana.org.au) wrote: > >[stuff deleted] >: >for confirming what we've been seeing! I suggest we keep this thread >: >open and fill it with additional information until the problem gets the >: >attention it needs. I'm not a programmer, much less a kernel hacker, so >: >I can only voice frustration with the situation. > >: And what about those of us that DON'T see it? Basic setup is a >: dedicated PPP link on a 14.4 dialup, NET-3 stuff, ppd 2.1.2a, >: etc., with an InfoMagic/TransAmeritech CD-ROM combined install. > >: I move many megabytes of files around via FTP daily, and another >: many megs around with mosaic and lynx. Sendmail+IDA's been >: rock-solid. > >[stuff deleted] > >If your not seeing be thankful and provide your system configuration >so the experts can see whats working and whats not working > >I am NOT seeing th problem, Have a 14.4 modem using NET-3 pppd 2.2.2a with >slackware 1.2 , and kernel 1.1.30. I have downloaded 20 and 30 megs in a >single session via ftp and never had a problem. I regularly rlogin to >other sites, once again without problem > The problem is not with telneting or ftping out from the machine but with incoming connections. Not all daemons suffer from it. On my machine it has been telnet mostly, ftp rarely, sendmail 8.6.9 rarely, routed rarely. INN never has a problem even though it gets about 60M of news a day. Trevor Lampre ------------------------------ From: donadio@mxd120.rh.psu.edu (Matthew Donadio) Subject: Re: Please don't post security holess... Date: 10 Oct 1994 02:10:29 GMT Steve Kneizys (STEVO@acad.ursinus.edu) wrote: : If there was a security developers group, then the holes could : be emailed to them for evaluation so as not to publicize the hole : long before the fix. Or make a moderated comp.os.linux.security : group? Why? That's what comp.security.announce is for. The vast majority of software used under linux is not linux specific. The only real stuff that linux specific is in /etc or /sbin and a good chunk of that is generic unix software. -- Beaker aka Matt Donadio | Life is short, --- __ o __~o __ o donadio@mxd120.rh.psu.edu | ride like ---- _`\<, _`\<, _`\<, --- Penn State Cycling ---| the wind. --- ( )/( ) ( )/( ) ( )/( ) ====================================URL: http://mxd120.rh.psu.edu/~donadio ------------------------------ Subject: Re: fsck during boot: already mounted From: hjstein@sunset.huji.ac.il (Harvey J. Stein) Date: 11 Oct 94 10:12:03 In article <376j1e$6ga@geraldo.cc.utexas.edu> slc@PROBLEM_WITH_INEWS_DOMAIN_FILE (Scott L. Crutchfield) writes: I am running Yggdrasil P&P (summer 1994). It used to check the filesystems every once in a while when during startup, even if they were clean ("maximal mount-count reached"). Now it always complains that the partitions are already mounted and it's aborting the checks. I always shut down with "halt". I don't think I did anything to /etc/rc or /etc/rc.local, but it's been a while so I can't be sure. If you recompiled the kernel, you need to run rdev to modify the boot image so that it mounts the root read-only. Also, how about adding a .signature with your email address, since your news post doesn't include a proper email address for you. -- Harvey J. Stein Berger Financial Research hjstein@math.huji.ac.il ------------------------------ From: mah@ka4ybr.com (Mark A. Horton KA4YBR) Subject: Re: New Adeptec SCSI not detected Date: Mon, 10 Oct 1994 01:41:31 GMT Mark Curtis (leadfoot@leftlane) wrote: : I can't change it. I have other hardware that is using that port : address. My MMU-401 MIDI card is using 330 and IRQ 2. All the : MIDI software and games using general MIDI all assume 330. If I move : the MIDI card to some other address and then move the 1542CF to : 330 I'll have MIDI software sending strange stuff to my SCSI adapter. : Some of the MIDI software can be configured, but much of it just : assumes 330, the factory default for MIDI cards. : The SCSI controller supports 130, 134, 230, 234, 330, and 334. I : have the Adaptec SCSI bios at the factory default address, but I : did move the port base to 230. In DOS/Windows this all works fine. : I'd try hacking on the driver, but I have to get the system loaded : before I can do that. I can't load the system because all my : disks, CDROM, and tape drive all run off the SCSI controller. : I'm Stuck! Unglue yourself! ;) Use port address 0x334 for the Adaptec. According to the code in /usr/src/linux/drivers/scsi/aha1542.c : (always the best source of documentation!) /* The adaptec can be configured for quite a number of addresses, but I generally do not want the card poking around at random. We allow two addresses - this allows people to use the Adaptec with a Midi card, which also used 0x330 */ static unsigned int bases[]={0x330, 0x334}; Hope this helps out. -- Mark -- "Linux! Guerrilla UNIX Development Venimus, Vidimus, Dolavimus." ============================================================ Mark A. Horton ka4ybr mah@ka4ybr.atlanta.com P.O. Box 747 Decatur GA US 30031-0747 mah@ka4ybr.atl.ga.us +1.404.371.0291 : 33 45 31 N / 084 16 59 W mah@ka4ybr.com ------------------------------ From: venkat@scs.leeds.ac.uk (N B Venkateswarlu) Subject: Accidentally 'bash' file permissions are made 000. Thus I am unable to Date: Wed, 12 Oct 1994 09:23:49 +0100 (BST) Hi, While I am compressing executables with 'gexe', I have changed permissions of 'bash' file (shell executable) as 000 such that it will not be compressed by 'gexe'. Just after compressing all binaries, without rechanging the permissions of 'bash', I have logged off the system. Now, I am unable to login. It says 'No-Shell' is vailable (obvious). I tried to login from custom made boot floopy and also boot/root floppies. But could not succeed. I am using slackware version. Any ideas how I have to tackle this. Thanks in advance. Venkat ------------------------------ From: mdharm@muddcs.cs.hmc.edu (Matthew Dharm) Subject: Re: Please don't post security holess... Date: 10 Oct 1994 01:58:33 GMT I think that the one reason that we must keep posting security holes is so that the "good guys" know about them. I'll admit, right now I do not run Linux (but I hope to be in a couple of days). But, I don't think that changes the fact that I have to be concerned about security. I have allready recorded several attempted "break-ins" for my system. Some people just don't expect that I've set up FTP properly... But, consider how a security hole is discovered. Someone, who is most likely trying to break into a system, discovers it. I don't know how they look for them, or how they dream up how to use them, but they do. This means: HACKERS ARE THE FIRST TO KNOW ABOUT A HOLE! Naturally, they don't want us (the sysadmins, the "good guys" in the white hats) to know about it. If we did, they would have one less tool with which to break into our systems. If a hacker is the first to know about a hole in my system, you better believe that I want to be the second. The third person I want to know is the guy who is going to give me the fix. Since I don't know person 1 and 3, I have to rely on groups like this one to provide me with the information I need. This is gonna cause some flames, but I'll say it anyway... -->> We have a responsibility as sysadmins to help each other plug these holes. If we know of a security hole and don't report it, aren't we a guilty as those who spread word of the hole so people can crash systems? These are just my thoughts. Wish me luck on installing Linux on my box. Matthew Dharm mdharm@hmc.edu P.S. -- Is there a distribution with a patch for the smail bug? ------------------------------ From: dwm@shell.portal.com (David - Morris) Subject: Re: Extreme delays telnetting into linux box Date: 12 Oct 1994 04:39:47 GMT barkerc@GRAPHICS.CS.NYU.EDU (Chris Barker) writes: >After swithching to Yggdrasil Fall 94 Kernel 1.1.47 I have experienced extreme >delays when telnetting into my box from my PC over ethernet. Upto a minute of I have conducted an experiment with TELNET from my LAN PC (running IBM TCP/IP-DOS and my LINUX machine. When the LAN PC IP address was unknown to LINUX it took a *LONG* time to get the LOGIN prompt. I added the IP address to /etc/hosts and bingo, nice and quick. YGGDRASIL F/94 uses INETD to launch in.telnetd. I suspect that INETD attemps to resolve the IP address to a host name for logging or whatever and hence one waits for all the DNS trials, etc. before the connection to whatever INETD service is requested procedes. Could be telnetd, or perhaps *both*. Might be that Ygg/fall/94 added this reverse resolution? Anyway, make sure your LAN PC has a host name known to your LINUX box *and* the resolution order (DNS or etc/hosts first) matches where the name is defined. I had no problem with PINGs so perhaps this is unrelated. Dave Morris ------------------------------ From: kkfong@netcom.com (Another Totoro) Subject: Re: Has anyone gotten ftape to work? Date: Mon, 10 Oct 1994 01:23:37 GMT [all stuff deleted] I don't know for sure if my setup works, but I manage to do: mt -f /dev/nftape rewind mt -f /dev/nftape reten mt -f /dev/nftape erase tar cvf /dev/nftape files tar df /dev/nftape files And I manage to do this with kernel 1.0.9, gcc 2.4.5, ftape-0.9.10.a.tar.gz, and modutils-0.99.15.tgz, and whatever libraries and linker I have (I can't tell the version. They are from Slackware 1.1.0) I have to admit that I had a lot of problem with /dev/ftape (which is rft0). There were a lot of warning with rewind, reten, and erase command. The warning looks something like this: fdc-io.c (fdc command) fdc-write timeout, retry Personally I have some questions about the ftape thing. First, what are the valid options for mt besides the above mentioned ones? Also, what's the differences with /dev/ftape and /dev/nftape (/dev/rft0 & /dev/nrft0 respectively). I also see quite a few scripts on sunsite under system/backup directory. Which one is easier for newbie like me? BTW, I am using Conner TapeStor 250 with Teac DualDrive on a generic floppy controller. Is there any pitfall I have to look out for? I did remove jumper 6 from the tape drive as the manual suggested. Thanks for your input. ------------------------------ From: kkfong@netcom.com (Another Totoro) Subject: Re: Ftape works...Not yet Date: Mon, 10 Oct 1994 01:29:28 GMT May I ask which version of modutil are you using now? With 0.99.15 modutil, it will complain whenever I load up ftape.o (something like request_dma() not defined or something). And when I tried to compile modules.tar.gz (I suppose this is the newest one), it complain about something that's undefined and bomb out with the make process (making insmod). I did manage to make ftape 0.9.10a and modutil 0.9.15 work together. BTW, I am running kernel 1.0.9, gcc 2.4.5, and the version of ld that doesn't accept the -qmagic flag. Dennis Flaherty (dennisf@denix.elk.miles.com) wrote: : In article <1994Oct3.094519.32836@cobra.uni.edu>, : Jonathan Williams wrote: : > : > Well, I thought I had ftape working, but I guess I was wrong. I'm running : > Linux kernel version 1.0.9 and ftape version 1.13b patched for the conner bug : > and compiled with the -DCONNER_BUG flag. : Glad you got that working. Now you can use the tapes you just formatted : with Conner's buggy tape formatting software. ------------------------------ Date: Tue, 11 Oct 1994 22:25:43 +0100 From: Eberhard_Moenkeberg@p27.rollo.central.de (Eberhard Moenkeberg) Subject: Re: Security hole - has noone noticed so far? Hello Shawn D. McPeek and all others, on 10.10.94 Shawn D. McPeek wrote to All in USENET.COMP.OS.LINUX.ADMIN: SDM> : Scanning the CERT archives, the SDM> : list is split about halfway betweeen local-only holes and remote SDM> : holes. SDM> SDM> Where can one find these CERT archives? Originally, at ftp.cert.org. Mirrored for example at ftp.gwdg.de:/pub/cert. Greetings ... Eberhard ------------------------------ From: dlj0@Lehigh.EDU (DAVID L. JOHNSON) Crossposted-To: comp.windows.x,comp.windows.x.i386unix Subject: Re: Xfig Date: 10 Oct 1994 01:54:48 GMT In article <1994Oct7.183040.8963@ivax>, icqo409@iupui.edu (jon m) writes: >In article <36tg1pE8uq@uni-erlangen.de>, >Uwe Bonnes wrote: > >>Look at the messages of the last time. This has been answered many times >>before: >>There's a cyclic reference in the application-defaults >NOW. why does just about EVERY blasted X program have this in their >app-defaults!!!!!!!!!!!!!! (a cyclic reference) > That has not been my experience. It wasn't mine for Xfig, but then I read my defaults files and set them up before I run the program. >>-- >>Uwe Bonnes bon@lte.e-technik.uni-erlangen.de > >jon >-- >jon madison >oit consultant in training >"A year spent in artificial intelligence is enough to make one believe >in God." -anonymous, from a fortune program on one of my accounts. :) -- David L. Johnson dlj0@lehigh.edu or Department of Mathematics dlj0@chern.math.lehigh.edu Lehigh University 14 E. Packer Avenue (610) 758-3759 Bethlehem, PA 18015-3174 (610) 828-3708 ------------------------------ From: donadio@mxd120.rh.psu.edu (Matthew Donadio) Subject: Re: Security hole - has noone noticed so far? Date: 10 Oct 1994 02:16:42 GMT Lee Silverman (lee@netspace.students.brown.edu) wrote: : There's a good one! A sendmail bug was just reported a few months : ago, adding yet another to the DOZENS of bugs reported about sendmail. : Most of the bugs reported in sendmail give *outside* users access to : your machine; this smail bug was only available to users who have What version of sendmail are you talking about? The last few holes that I remmeber reading about have been in vendor verions or in 5.6.7. Berkeley 8.6.? has been pretty secure. : already logged in. Big difference. Sendmail (The standard one, : anyway, 8.6.9) arguably the single hardest unix package to configure : correctly. Smail is a damn good program, and I use it all the time. Huh? The m4 macros make 8.6.9 pretty easy to set up. You just have to have a bit of knowledge about the net you are on or you could just have it forward all mail to a smarter host. -- Beaker aka Matt Donadio | Life is short, --- __ o __~o __ o donadio@mxd120.rh.psu.edu | ride like ---- _`\<, _`\<, _`\<, --- Penn State Cycling ---| the wind. --- ( )/( ) ( )/( ) ( )/( ) ====================================URL: http://mxd120.rh.psu.edu/~donadio ------------------------------ From: becker@cesdis.gsfc.nasa.gov (Donald Becker) Crossposted-To: comp.os.linux.help Subject: Re: Ethernet NE2000 clone installation problem Date: 9 Oct 1994 22:16:29 -0400 In article <1994Oct7.185452.2361@nosc.mil>, Malcolm B. Sylvester wrote: >In article edwardm@netcom.com (Edward F. Munro) writes: >>Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at) wrote: >>: Aka Zodiac (mcsdc2smt@zippy.dct.ac.uk) wrote: >>: : In article <34k7df$2va@mis.cpc.ku.ac.th>, oanek@ku.ac.th (Anek Vorapanya) writes: >>: : > Dear all, >>[snip] >>: : > IP Protocols: ICMP, UDP, TCP >>: : > PPP: version 0.2.7 (4 channels) NET02D OPTIMIZE_FLAGS >>: : > TCP compression code copyright 1989 Regents of the University of California >>: : > PPP line discipline registered. >>: : > SLIP: version 0.7.5 (4 channels) >>: : > CSLIP: code copyright 1989 Regents of the University of California >>: : > Net2Debugged PLIP 1.01 (from plip.c:v0.15 for 0.99pl12+, 8/11/93) >>: : > plip1: configured for parallel port at 0x378, IRQ 7. >>: : > NE*000 ethercard probe at 0x300: 00 00 e8 c1 15 0a >>: : > eth0: NE2000 found at 0x300, using IRQ 5. >>: : > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>: : > * Autoprobing found the first (and my only) Ethernet card. Fine.. >> >>: : yes....but merely DETECTING THE CARD Does *NOT* mean it is fine...it just means >>: : it has found the card... >> >> >>: In this case, it *DOES INDEED* mean the card is fine. >> >> >>: : > ne.c:v0.99-15k 3/3/94 Donald Becker (becker@super.org) >>: : > Linux version 1.0.9 (root@fuzzy) #3 Fri Jul 8 21:01:56 CDT 1994 >>: : > ... >>: : > >>: : > Sep 7 10:48:44 init[1]: Entering runlevel: 5 >>: : > Going multiuser... >> >>======> : : > SIOCADDRT: Network is unreachable <===== >>[snip] >>: : > eth0 Link encap UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 >>: : > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >>I had this same problem, the answer for me was to upgrade ifconfig. >>After all, the kernel probe found the currect HWaddr, it only makes sense >>that there is a problem with ifconfig. >> >>BTW, I too was using a NE2000 clone. >> >>edwardm@netcom.com >> > >I too have had this same problem with a 3Com 503 card. If anyone comes >up with the solution I would appreciate it very much if you would info >me also. It's the 'ifconfig' program that's broken, not the driver. The 'ifconfig' program only prints the correct information with some kernels. It's no big deal because, except for the misleading output, it still sets the interface up correctly. (Hasn't this already been posted about a dozen times?) -- Donald Becker becker@cesdis.gsfc.nasa.gov USRA-CESDIS, Center of Excellence in Space Data and Information Sciences. Code 930.5, Goddard Space Flight Center, Greenbelt, MD. 20771 301-286-0882 http://cesdis.gsfc.nasa.gov/pub/people/becker/whoiam.html ------------------------------ From: ralphs@halcyon.halcyon.com (Ralph Sims) Subject: Re: Security hole - has noone noticed so far? Date: 10 Oct 1994 01:56:16 GMT barr@pop.psu.edu (David Barr) writes: >>There's a good one! A sendmail bug was just reported a few months >>ago, adding yet another to the DOZENS of bugs reported about sendmail. >Yes, but those were all fixed. There are no outstanding security >bugs in sendmail, to my knowledge. >>Big difference. Sendmail (The standard one, >>anyway, 8.6.9) arguably the single hardest unix package to configure >>correctly. >Okay, I'll argue with you. I found smail to be a total pain to install. >The documentation sucks, and the config file options aren't very obvious. >Sendmail's documentation is much more complete. Most of the "I-hates-sendmail" seems to be centered around the 8.6.9 release. I've found Sendmail+IDA to be much easier, both in its installation and config. Plus, Neil Rickert's rather fast on the keyboard when it comes to plugging any holes. Not a bad piece of work, especially if you're routing mail in and out using disparite transport mechanisms. ------------------------------ From: ralphs@halcyon.halcyon.com (Ralph Sims) Subject: Re: Security hole - has noone noticed so far? Date: 10 Oct 1994 01:56:45 GMT smcpeek@isr0830.urh.uiuc.edu (Shawn D. McPeek) writes: >David Barr (barr@pop.psu.edu) wrote: >: recently require local access. Scanning the CERT archives, the >: list is split about halfway betweeen local-only holes and remote >: holes. >Where can one find these CERT archives? Ummm... ftp.cert.org for a start. ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************