From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Mon, 10 Oct 94 05:13:22 EDT Subject: Linux-Admin Digest #170 Linux-Admin Digest #170, Volume #2 Mon, 10 Oct 94 05:13:22 EDT Contents: Big IDE- fdisk 'different phys/log...' (Eric Zager) XFree-3.1 & openwin/olvwm HOW-TO (Pierre Belanger) Re: shutdown without root access -- SUMMARY (Van Zandt) Stealth 32 VLB, 2MB video driver (Madjid Mousavi) Re: Please don't post security holess... (Kevin Martinez) Re: Please don't post security holess... (Isis Leslie) Re: Please don't post security holess... (Steve Kneizys) IIT Xtec AGX video chip support (DrJekl) Re: Need DL/Time Limiting ideas - Linux BBS (H. Peter Anvin) Re: ftp freeze problems (Linux Mac Daddy) [fixed] lmail problem with sendmail (Ted Harding) Re: XFree86-3.1 - Whoopee! (S. O'Connor) ---------------------------------------------------------------------------- From: eric@marge.phys.washington.edu (Eric Zager) Subject: Big IDE- fdisk 'different phys/log...' Date: 9 Oct 1994 19:30:55 GMT I've been following the discussions of large IDE drives, but am running into an fdisk message which I haven't seen mentioned. I'd like to know if I'm safe ignoring it, or if it means something significant. After trying a number of configurations, I decided to install the drive (a Western Digital AC2540, 540 Mb) on a second IDE card, so that I could rule out the possibility of wierd interactions with AT BIOS. The drive geometry is hard coded into the kernel (1.1.52 w/ atdisk2-1.1.47+). After partitioning the drive, fdisk 1.5 reports- Command (m for help): p Disk /dev/hd1a: 16 heads, 63 sectors, 1048 cylinders Units = cylinders of 1008 * 512 bytes Device Boot Begin Start End Blocks Id System /dev/hd1a1 1 1 246 123983+ 83 Linux native Partition 1 does not start on cylinder boundary: phys=(0, 0, 2) should be (0, 1, 1) /dev/hd1a2 247 247 285 19656 83 Linux native /dev/hd1a3 286 286 895 307440 83 Linux native /dev/hd1a4 896 896 1048 77112 83 Linux native Partition 4 has different physical/logical endings: phys=(1023, 15, 63) logical=(1047, 15, 63) Is the message about different physical/logical endings significant? The logical information is correct. I don't know where the physical information is coming from. In the words of an infamous operating system- abort, retry, or ignore? ------------------------------ From: belanger@info.polymtl.ca (Pierre Belanger) Subject: XFree-3.1 & openwin/olvwm HOW-TO Date: 9 Oct 1994 15:45:39 GMT Hello, I figure out a way to make openwin/olvwm work under XFree86-3.1. Here is a ps -aux, just to prove you it is working... USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND belanger 726 0.0 2.5 341 380 p 2 S 10:57 0:00 sh /usr/X11R6/bin/startx /usr/openwin/lib/Xinitrc -- belanger 730 0.0 1.8 60 280 p 2 S 10:57 0:00 xinit /usr/openwin/lib/Xinitrc -- -quiet belanger 733 0.0 5.7 435 872 p 2 S 10:57 0:00 /usr/openwin/bin/olvwm belanger 739 0.0 4.7 113 720 p 2 S 10:57 0:00 olwmslave Now, to make this work, I changed the 'openwin' script in the /usr/openwin/bin Here is the new script (name it openwin3.1): #!/bin/sh # Start "OpenWindows", i.e. Xfree and ol[v]wm, by K.Osterberg, 1993 export XAPPLRESDIR MANPATH HELPPATH OPENWINHOME WINDOWMANAGER X11HOME if [ -z "$OPENWINHOME" ]; then if [ ! -d /usr/openwin ]; then echo "openwin: /usr/openwin does not exist, cannot start" exit 1 fi OPENWINHOME=/usr/openwin fi if [ -z "$X11HOME" ]; then if [ ! -d /usr/X11R6 ]; then echo "openwin: /usr/X11R6 does not exist, cannot start" exit 1 fi X11HOME=/usr/X11R6 fi if [ -z `echo "$PATH" | grep openwin` ]; then PATH=$OPENWINHOME/bin:$PATH fi if [ -z "$MANPATH" ]; then MANPATH=${X11HOME}/man:${OPENWINHOME}/man:/usr/local/man:/usr/man else MANPATH=${MANPATH}:${OPENWINHOME}/man fi if [ -z "$HELPPATH" ]; then HELPPATH=${OPENWINHOME}/lib/help else HELPPATH=$HELPPATH:${OPENWINHOME}/lib/help fi if [ -z "$XAPPLRESDIR" ]; then XAPPLRESDIR=${OPENWINHOME}/lib/app-defaults else XAPPLRESDIR=$XAPPLRESDIR:${OPENWINHOME}/lib/app-defaults fi if [ -z "$WINDOWMANAGER" ]; then WINDOWMANAGER=$OPENWINHOME/bin/olvwm fi if [ -f /tmp/.X0-lock ]; then # X is already running (e.g. this file was called from xdm) # so just run openwin's Xinitrc exec $OPENWINHOME/lib/Xinitrc else if [ -x $X11HOME/bin/startx ]; then exec $X11HOME/bin/startx $OPENWINHOME/lib/Xinitrc -- -quiet fi exec startx $OPENWINHOME/lib/Xinitrc -- -quiet fi =-======================That's it. Now, let me tell you that in the Virtual Desktop manager, the horizontal line is missing...??? Would someone else know why? And, your "Workspace" need to be edited also. Otherwise, you will run 'old' binaries. I did not change this 'yet' and I will not have the time until maybe tonight or tomorrow. I will post it here when I change it. Now just type: openwin3.1 (don't forget to put chmod 755 openwin3.1). has I said, when I'll have the time to modify the Workspace mouse-menu, I will post it here. Have fun, Pierre B., belanger@info.polymtl.ca, pierre@crt.umontreal.ca, Pierre_Belanger@uqtr.uquebec.ca ------------------------------ From: jrv@truth.mitre.org (Van Zandt) Subject: Re: shutdown without root access -- SUMMARY Date: 9 Oct 1994 19:50:26 GMT A few days ago I posted this note: > I am trying to set up my system so that others in my family can start > and stop it without root privileges. Thanks to all the respondents! I will summarize the ideas, starting with the simpler ones and proceeding to the more elaborate. Greck Cannon suggests: > Make a group containing the people you want to be able to shut the > machine down. Then change /sbin/shutdown to suid [change its owner to > root,] and change its group to the shutdown people group. You may also > have to suid and chgrp halt and reboot... > The shutdown, halt, etc users aren't really for manual use. Tony Peterman suggested changing the login shell to "shutdown -r now". (Unfortunately my version of login apparently doesn't allow the login shell to have command line arguments.) He also cautions "make sure the login dir is /, or you might have to fsck filesystems on reboot". Andrew R. Tefft thinks my scheme for linking control-alt-del to shutdown is safe, but: > I prefer logging in as shutdown because you can assign a password to > that account. On the other hand, the CAD [cntl-alt-del] can only be > done at the console, while if you were on the network, anyone could > login as shutdown (if they knew the password, if any). He also suggests that users "sync" and "halt" should be used only in emergencies, and that user "shutdown" needs a script wrapper: >> Can you really run shutdown as a login shell? > Yes. BUT. many 'login's cannot take options to the login shell. > You may have to actually have it run a script 'doshutdown' which calls > shutdown with the proper arguments. Your version of /sbin/shutdown > apparently needs arguments. Peter allows users to reboot from the login prompt by defining a user "reboot" with no password, UID and GID of 0, login shell of bash, and a startup file ~reboot/.bash_profile containing the command "/sbin/reboot". He cautions that passwd(1) considers root and reboot to be the same user: > after changing root's password vi [edit] /etc/passwd and remove > reboot's password, cause it's changed to root's also! Marc Heinzmann posted source code for a program shudown.login which gives a regular user the privilege of shutting the system down. The authorization is based on a UID which is defined in the source code. Lars Hofhansl offered a more general program: > I have written a small program which ... gives ordinary users > limited root access. It reads a configuration file which > contains a list of users and the commands they are allowed to > use, and a flag that (if set) requires the user to enter the > password again on each invokation. Every command execution is > logged to the syslog daemon. > I called it "priv". So to shut down I simply type "priv shutdown > -h now". This also reduces the need to log in as root over and > over again. Lars, Robert Moser and Randy Hootman also suggested the even more general program sudo(8) which is in the Slackware distribution. Quoting from its manual page: Sudo allows a permitted user to execute a command as the superuser. Sudo determines who is an authorized user by consulting the file /etc/sudoers. Sudo will prompt for a user's password to initiate a validation period of N min- utes (where N is defined at installation time and defaults to 5 minutes). Privileges can be restricted based on username, command, and/or host. Thanks again to everyone! - Jim Van Zandt ------------------------------ From: madjid@molson.ho.att.com (Madjid Mousavi) Subject: Stealth 32 VLB, 2MB video driver Date: Sun, 9 Oct 1994 02:40:46 GMT Does anyone have the config file for Stealth 32 VLB 2MB card. If I use Config86 to configure, can I use Stealth 24 VLB configuration file? Do I need a different driver? Please send mail to: madjid@molson.ho.att.com Madjid Mousavi AT&T bell labs ------------------------------ From: Kevin Martinez Subject: Re: Please don't post security holess... Date: Mon, 10 Oct 1994 05:32:01 GMT sheela@er7.rutgers.edu (Isis Leslie) writes: >I'm rather unconfortable with the posting of all of these security holes. >For a while I was under the impression that this was a no-no, and that >while sure, posting a "fix" or "work around will tell those in the know >just what the whole is, at least it makes it a little tougher. It is certainly a no-no to broadcast useful information. This should be strictly reserved for 3l33t d00dz! :^) <--- for the electroencephalagraphically challenged reader -- ======================================================================== Kevin Martinez Fear the Government that fears your Scanner! lps@rahul.net I owe all my success to Roly Poly Fish Heads! ======================================================================== ------------------------------ From: sheela@er7.rutgers.edu (Isis Leslie) Subject: Re: Please don't post security holess... Date: 9 Oct 1994 18:58:50 -0400 STEVO@acad.ursinus.edu (Steve Kneizys) writes: >Shawn Brown (shawnb@ecst.csuchico.edu) wrote: >: In article <379583$8t9@er7.rutgers.edu>, >: Isis Leslie wrote: >: >I'm rather unconfortable with the posting of all of these security holes. >: >For a while I was under the impression that this was a no-no, and that >: >while sure, posting a "fix" or "work around will tell those in the know >: >just what the whole is, at least it makes it a little tougher. >: I disagree completely. This information should be disseminated freely. >: I want to know everything about any real or potential security problems >: with my computer. The reasons for this should be obvious. Linux, in >: my opinion, is still an experimenters OS, and as such, I want to know >: all the steamy details. >: You really shouldn't be expecting any real level of security from a >: freeware UNIX as it is. Linux is at least as secure as several >: commercial UNIXes, but I would never rely on it for any level of >: security. >On the one hand, we all want public code so that we can see for >ourselves that there are no trap doors installed, yet posting >security holes often gets info to the 'wrong' hands too easily. >What is wrong with a little discretion about security issues? >Some people are way too busy to scan all the linux groups every >day to look for security holes. Maybe someday somebody will >start a linux-security mailing list that would inform ppl of >vulnerabilities and fixes, so at least one could be warned. >If there was a security developers group, then the holes could >be emailed to them for evaluation so as not to publicize the hole >long before the fix. Or make a moderated comp.os.linux.security >group? >Just a few thoughts for discussion... Well, I guess I was a bit unclear...I don't care as much as posting the fix as posting the bug itself (with or without the fix). The smail bug was known on various platforms besides Linux, but since it relies on the user having an account on the machine in question, it wasn't as big an issue as it could have been. All the attempts to hack my machine originated from a remote machine, in fact a single user workstation which has only one account besides root on it, who was in addition an employee of thenearby University. There was also the usual attempts to try and hack the ftp, nntp, rsh and rexec systems, and a quick identity trap easily tracjed the culprit down. At this time I'm undecided as to what action to take since this person isn't a student but a full time employee of the school. Since my system does run in a commercial enviroment (well, non-profit, so things aren't quite as sensitve) All users are well aware of security, and I also keep a tight handle on any networking access. Of course mail is something which you pretty much have to have free access to. If someone just wants to mention there was a security hole, in lets say inetd, and just post the fix, thats fine with me. Yes, people in the know will see the fix and be able to figure out what the hole is, but at least its a shade more secure than posting step by step instructions on how to actually exploit the hole. peace-Isis ------------------------------ Subject: Re: Please don't post security holess... From: STEVO@acad.ursinus.edu (Steve Kneizys) Date: 9 Oct 94 16:05:19 EST Shawn Brown (shawnb@ecst.csuchico.edu) wrote: : In article <379583$8t9@er7.rutgers.edu>, : Isis Leslie wrote: : >I'm rather unconfortable with the posting of all of these security holes. : >For a while I was under the impression that this was a no-no, and that : >while sure, posting a "fix" or "work around will tell those in the know : >just what the whole is, at least it makes it a little tougher. : I disagree completely. This information should be disseminated freely. : I want to know everything about any real or potential security problems : with my computer. The reasons for this should be obvious. Linux, in : my opinion, is still an experimenters OS, and as such, I want to know : all the steamy details. : You really shouldn't be expecting any real level of security from a : freeware UNIX as it is. Linux is at least as secure as several : commercial UNIXes, but I would never rely on it for any level of : security. On the one hand, we all want public code so that we can see for ourselves that there are no trap doors installed, yet posting security holes often gets info to the 'wrong' hands too easily. What is wrong with a little discretion about security issues? Some people are way too busy to scan all the linux groups every day to look for security holes. Maybe someday somebody will start a linux-security mailing list that would inform ppl of vulnerabilities and fixes, so at least one could be warned. If there was a security developers group, then the holes could be emailed to them for evaluation so as not to publicize the hole long before the fix. Or make a moderated comp.os.linux.security group? Just a few thoughts for discussion... Steve... ------------------------------ From: drjekl@aol.com (DrJekl) Subject: IIT Xtec AGX video chip support Date: 9 Oct 1994 20:35:05 -0400 Is the IIT Xtec AGX video chip currently supported in Linux? If not is there any hope on near term support? -thanks in advance ------------------------------ Crossposted-To: alt.bbs,alt.bbs.unixbbs From: hpa@ahab.eecs.nwu.edu (H. Peter Anvin) Subject: Re: Need DL/Time Limiting ideas - Linux BBS Reply-To: hpa@nwu.edu (H. Peter Anvin) Date: Sat, 8 Oct 1994 12:21:43 GMT Followup to: <370u7b$avk@drasnia.it.com.au> By author: jean-paul@drasnia.it.com.au (Jean-Paul Chia) In newsgroup: alt.bbs.unixbbs > > BTW, Karl, mail me, I've found a new package for Linux you might > like, better than the other ones I've shown you so far. :) > Care to inform the rest of the world, or do you just want to leave us in suspense forever? /hpa -- INTERNET: hpa@nwu.edu --- Allah'u'abha --- IBM MAIL: I0050052 at IBMMAIL HAM RADIO: N9ITP or SM4TKN FIDONET: 1:115/511 or 1:115/512 STORMNET: 181:294/1 or 181:294/101 Have you hugged your Swede today? ------------------------------ From: henslelf@henslelf.student.rose-hulman.edu (Linux Mac Daddy) Subject: Re: ftp freeze problems Date: 3 Oct 1994 03:57:49 GMT Reply-To: henslelf@nextwork.rose-hulman.edu Craig Tavener (craig@chem.chem.wits.ac.za) wrote: : I've got linux (Slackware2.0) recently installed on a 468-66. It has an : ethernet card and is networked to Novell and and UNIX. When ftp/telnetting : from linux to elsewhere things generally work well. However, when trying to : ftp into the linux machine (most notably from the novell network) the : session frequently freezes. Pressing cntl-C returns the ftp prompt, but the : last action ends up being truncated. A good example of this is a file : transfer. All packet but the last one get through. Then it freezes and the : last packet it lost. : Does anyone have any idea what is going on here? I've experienced the same problem, if anyone knows, let us in... ======================================================================== Slam Foot Neck! Ride the wave. Touch Touch Touch. I'm cereal. Internet: henslelf@po.nextwork.rose-hulman.edu Bilbo: 137.112.200.75 o__ o__ o__ o__ o__ ,>/'_ ,>/'_ ,>/'_ ,>/'_ ,>/'_ (_)\(_) (_)\(_) (_)\(_) (_)\(_) (_)\(_) ------------------------------ From: Ted.Harding@nessie.mcc.ac.uk (Ted Harding) Subject: [fixed] lmail problem with sendmail Date: 10 Oct 1994 04:59:05 -0400 Reply-To: Ted.Harding@nessie.mcc.ac.uk (Ted Harding) fputs(line) would not normally be expected to return the number of characters in the line. The following is an exerpt from "man fputs" on my Linux machine: RETURN VALUES fputc(), putc() and putchar() return the character written as an unsigned char cast to an int or EOF on error. puts() and fputs() return a non - negative number on suc- cess, or EOF on error. The following is quoted from "C: A Reference Manual" by Harbison & Steele. " ... (A typical implementation of 'fputs' actually does use 'fputc' to write out the characters of the string, and returns whatever value is returned by the last call to 'fputc'. Unfortunately, if the string is empty, no call is made to 'fputc' and that implementation of 'fputs' will return an unpredictable result ... ) " I haven't managed to track down how GCC implements fputs (it's butried a lot deeper than /usr/include/stdio.h); maybe someone who knows would be good enough to tell us ... ? Meanwhile, it wouild appear that the bug which Tim Bass has astutely corrected is an instance of somewhat rash programming. Ted. (Ted.Harding@nessie.mcc.ac.uk) ------------------------------ From: irish@eskimo.com (S. O'Connor) Subject: Re: XFree86-3.1 - Whoopee! Date: Mon, 10 Oct 1994 08:48:11 GMT Hmmm.... The reason I was going to upgrade was the low-bandwidth thing. I use X on my box, but I connect to my Net provider via Slip on a 14.4 modem, who is (now) running X 3.1. This bandwidth thing should allow me to use his apps on my server without a mind-numbing delay, correct? Or am I way off here? I thought this was the point of X; small servers (workstations) connected to and utilising a much larger host. Wasn't this one of the big changes, making this possible over a "slow" link? Responses Appreciated, -- Irish "I'm Not the shell answer man, I just know some things about Linux" ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************