From: Digestifier
To: Linux-Admin@senator-bedfellow.mit.edu
Reply-To: Linux-Admin@senator-bedfellow.mit.edu
Date: Thu, 13 Oct 94 16:16:19 EDT
Subject: Linux-Admin Digest #189

Linux-Admin Digest #189, Volume #2          Thu, 13 Oct 94 16:16:19 EDT

Contents:
  Re: SCSI HP-DAT PROBLEMS (Steven Buytaert)
  Re: Please don't post security holess... (Damien P. Neil)
  Re: shutdown without root access -- SUMMARY (Bill C. Riemers)
  Re: Please don't post security holess... (Steve Kneizys)
  Re: Security hole - has noone noticed so far? (Bill C. Riemers)
  Re: Please don't post security holess... (Steve Kneizys)
  Usenet on my Linux system (Nathan Stratton)
  Re: Telnetd doesn't notice you're gone. (Donald Becker)
  Re: PC m/boards + ncr PCI (some tips + info) (Donald Becker)
  Re: Please don't post security holess... (M. K. Shenk)
  Re: Where to find acct for 1.1.49+? (Juha Virtanen)
  Re: Please don't post security holess... (Robin D. Wilson)

----------------------------------------------------------------------------

From: buytaert@imec.be (Steven Buytaert)
Subject: Re: SCSI HP-DAT PROBLEMS
Date: Thu, 13 Oct 1994 14:24:51 GMT

x0202479 J.P. van de Plasse (vdplasse@newsserver.et.tudelft.nl) wrote:

: I can make a backup to a HP-DAT 2GB tape streamer,
: using tar. but I don't succeed to create multiple tar's on one tape
: The second tar overwrites the first one.
: I've tried to use mt eom, but then when using mt tell it still says
: Location 0 !!!
: Anybody gota clue

Yup, I think so. It's been a while that I made a SCSI tar tape with
several archives on a tape, so I can't give the *exact* answer. I don't
have the HOWTO at work here neither. Whatever...

You should use the non-rewinding device, described in the SCSI-HOWTO
for multiple archives. That worked for me. It's the same device name
as the normal scsi tape name, but with a letter 'n' appended. Check it
out.

Hope this helps...

Stef

--
Steven Buytaert

WORK buytaert@imec.be
HOME buytaert@innet.be

'Imagination is more important than knowledge.'
(A. Einstein)

------------------------------

From: damien@b63519.student.cwru.edu (Damien P. Neil)
Subject: Re: Please don't post security holess...
Date: 10 Oct 1994 02:52:27 GMT

In article <37a749$9ke@jaws.cs.hmc.edu>, Matthew Dharm wrote:
>This means: HACKERS ARE THE FIRST TO KNOW ABOUT A HOLE!
>
>Naturally, they don't want us (the sysadmins, the "good guys" in the
>white hats) to know about it. If we did, they would have one less
>tool with which to break into our systems.

I would like to consider myself to be a hacker. (Others may disagree --
as the quote below states, it is a title best given, not taken.) I have
never broken into a system. I do not plan on doing so at any time in
the future.

The term `hacker' has been perverted by some to refer to criminals who
attempt to penetrate security on computer systems. This was not the
original meaning of the word. To refer to such people as `hackers' is
to give them a dignity they do not deserve.

The following is an entry from the jargon file, available from GNU
archives everywhere as `jarg300.txt.gz'.

:hacker: [originally, someone who makes furniture with an axe] n.
   1. A person who enjoys exploring the details of programmable
   systems and how to stretch their capabilities, as opposed to most
   users, who prefer to learn only the minimum necessary. 2. One who
   programs enthusiastically (even obsessively) or who enjoys
   programming rather than just theorizing about programming. 3. A
   person capable of appreciating {hack value}. 4. A person who is
   good at programming quickly. 5. An expert at a particular program,
   or one who frequently does work using it or on it; as in `a UNIX
   hacker'. (Definitions 1 through 5 are correlated, and people who
   fit them congregate.) 6. An expert or enthusiast of any kind. One
   might be an astronomy hacker, for example. 7. One who enjoys the
   intellectual challenge of creatively overcoming or circumventing
   limitations. 8. [deprecated] A malicious meddler who tries to
   discover sensitive information by poking around. Hence `password
   hacker', `network hacker'. The correct term is {cracker}.

   The term `hacker' also tends to connote membership in the global
   community defined by the net (see {network, the} and {Internet
   address}). It also implies that the person described is seen to
   subscribe to some version of the hacker ethic (see {hacker ethic,
   the}.

   It is better to be described as a hacker by others than to describe
   oneself that way. Hackers consider themselves something of an
   elite (a meritocracy based on ability), though one to which new
   members are gladly welcome. There is thus a certain ego
   satisfaction to be had in identifying yourself as a hacker (but if
   you claim to be one and are not, you'll quickly be labeled
   {bogus}). See also {wannabee}.

>If a hacker is the first to know about a hole in my system, you better
>believe that I want to be the second. The third person I want to know
>is the guy who is going to give me the fix. Since I don't know person
>1 and 3, I have to rely on groups like this one to provide me with the
>information I need.

Agreed. If there is a hole on my system, I want to know about it
yesterday. I don't want someone to say, ``There is a hole, do this to
fix it. Sorry, we won't tell you what the hole is.''

>These are just my thoughts. Wish me luck on installing Linux on my
>box.

Good luck! :>

>P.S. -- Is there a distribution with a patch for the smail bug?

I believe the latest version of Slackware includes sendmail 8.6.9,
which does not have either the debug file bug, or the .forward
misconfiguration.

 - Damien

------------------------------

From: bcr@k9.via.term.none (Bill C. Riemers)
Subject: Re: shutdown without root access -- SUMMARY
Date: 10 Oct 1994 02:51:40 GMT
Reply-To: bcr@physics.purdue.edu

>>>>> "Austin" == Austin Donnelly writes:

    Austin> In article <379hi2$m44@linus.mitre.org>, Van Zandt
    Austin> wrote:
    >> Greck Cannon suggests:
    >>> Make a group containing the people you want to be able to shut
    >>> the machine down. Then change /sbin/shutdown to suid [change
    >>> its owner to root,] and change its group to the shutdown
    >>> people group. You may also have to suid and chgrp halt and
    >>> reboot...

    Austin> This all works in theory, but unfortunately as umount(8)
    Austin> is already setuid root, it doesn't work in practice. Yes,
    Austin> the computer reboots fine, but it doesn't unmount the
    Austin> disks, causing an fsck to happen at the next startup.

    Austin> This is because umount can be run by ordinary users when
    Austin> (for example) unmounting a floppy, and it needs to update
    Austin> /etc/mtab. So umount ignores the EUID of a user (since
    Austin> this is normally root) and only allows the root filesystem
    Austin> to be unmounted by someone with a UID of 0 (ie the
    Austin> superuser).

    Austin> I don't think there is *any* elegant solution to this
    Austin> umount problem.

Let's face it, the most rational solution is to use a key mapping or
such. If they have access to your machine, they can reboot it anyways.
It's better to have them doing it from the keyboard than with the reset
or power buttons...

But, since most people won't settle for that answer, how about a
crontab job:

    * * * * * if [ -f /priv/reboot ]; then rm -f /priv/reboot;/sbin/reboot; fi

Then users having access to /priv can reboot, everyone else can't,
unless they hose your computer with the reset or power buttons.

Bill

--
Bill C. Riemers, bcr@physics.purdue.edu
Department of Physics, Purdue University

------------------------------

Subject: Re: Please don't post security holess...
From: STEVO@acad.ursinus.edu (Steve Kneizys)
Date: 9 Oct 94 22:45:53 EST

Tim Bass (Network Systems Engineer) (bass@cais.cais.com) wrote:
: : : [more stuff deleted]
: : All information eh? Like
: : Your sexual practices...how to make a nuclear device...your BANK CARD
: Inquiring minds want to know :-)
: : mag strip info with your PIN #...medical history...trade secrets...
: PIN # is 4231
: Medical History.... dying slowly and painfully
: Trade Secrets .... Need a contract vehicle to do services directly with
: the US gov. PLEASE HELP !!
: : list of ppl's houses and how to defeat their home security system...
: : President's moment by moment schedule...usernames and passwords...
: Let me see, now he's looking for medical insurance for Hillary :-)
: : Why don't you just post all your root/system passwords!
: All root passwds are the same: more$4me!
: Give them a try !!!
: : :) :)
: : Steve...
: Great come back Steve, I really set myself up for that one. See what
: happens when I try to be an advocate for freedom ;-) Guess I'll leave my
: soapbox on the washing machine next to my lost socks box.
: Still, I think posting security holes is good. Posting all root passwds
: might be fun though !

Nice idea. I want to know about security holes too! Really I do...I
just want it both ways...I want to know how to fix them at the same
time I do not want my users to find them :) :) :)

I spent most of Friday tracking down a user on campus who faked email
from another user's acct sending mail to all students with a message
regarding furry animals and homosexuality and wannas...it is so easy to
do so very many bad things and tracking them down takes work! I just
wish we could make these ppl have to do work to misbehave.

Steve...

------------------------------

From: bcr@k9.via.term.none (Bill C. Riemers)
Subject: Re: Security hole - has noone noticed so far?
Date: 10 Oct 1994 03:07:40 GMT

>>>>> "David" == David Barr writes:

    David> In article ,
    David> Lee Silverman wrote:
    >> There's a good one! A sendmail bug was just reported a few
    >> months ago, adding yet another to the DOZENS of bugs reported
    >> about sendmail.

    David> Yes, but those were all fixed. There are no outstanding
    David> security bugs in sendmail, to my knowledge.

    >> Most of the bugs reported in sendmail give *outside* users
    >> access to your machine;

    David> Historically, maybe, but not in recent memory. Most of the
    David> ones recently require local access. Scanning the CERT
    David> archives, the list is split about halfway between
    David> local-only holes and remote holes.

    >> this smail bug was only available to users who have already
    >> logged in.

    David> Well there are *three* bugs in smail currently, and if
    David> memory serves, at least one is remote.

Correction: There were 3 bugs in smail... They were fixed almost as
rapidly as they were reported. By the time the news reached the
announce groups, those who had been monitoring the smail newsgroup
already had their systems fixed. Those who hadn't been monitoring the
smail newsgroup have been running around like chickens with their heads
cut off trying to switch to sendmail.

    >> Big difference. Sendmail (The standard one, anyway, 8.6.9)
    >> arguably the single hardest unix package to configure
    >> correctly.

    David> Okay, I'll argue with you. I found smail to be a total
    David> pain to install. The documentation sucks, and the config
    David> file options aren't very obvious. Sendmail's documentation
    David> is much more complete.

Did you reverse things there? "smail" is probably the simplest thing
to install on my whole system. Much easier than libc, XFree86-3.1, ...
I've had several people contact me asking how to use term over
sendmail. My typical response is to give them my recompiled smail
binaries and get them up and running in about 15-45 minutes, depending
on whether they have "term" installed correctly...

    David> Smail has the "advantage" that it's not used nearly as much
    David> as sendmail, and thus has less people pounding out the bugs
    David> on it. Sendmail may be of bad design, but if there's a
    David> hole to be found, it gets found fairly soon these days.
    David> Unfortunately it also means that once a bug _is_ found, a
    David> heck of a lot more people are affected. It's simple
    David> numbers games.

I don't know about that. The "smail" bugs were found awfully fast. I
think each one had a lifetime of less than 24 hours.

    >> Smail is a damn good program, and I use it all the time. I am
    >> going to check out Zmailer 2.97, but in the meantime, for ease
    >> and understandability, and for security reasons, I'm going to
    >> stick to smail rather than risk using sendmail.

    David> There are also security problems with the current Zmailer.
    David> (Or so I was told a couple months ago by someone who
    David> discovered some)

Yep. Speaking of security problems, anyone know what the login(1)
scare was a while back. That is one case where neither the hole nor
the solution were posted, just a note to get the xxxx patch to fix it.
Being lazy, I just took my machine off the net for a while and then
eventually picked-up a new executable. But it would be nice to know
what the problem was.

Bill

--
Bill C. Riemers, bcr@physics.purdue.edu
Department of Physics, Purdue University

------------------------------

Subject: Re: Please don't post security holess...
From: STEVO@acad.ursinus.edu (Steve Kneizys)
Date: 9 Oct 94 22:58:28 EST

Matthew Donadio (donadio@mxd120.rh.psu.edu) wrote:
: Steve Kneizys (STEVO@acad.ursinus.edu) wrote:
: : If there was a security developers group, then the holes could
: : be emailed to them for evaluation so as not to publicize the hole
: : long before the fix. Or make a moderated comp.os.linux.security
: : group?

: Why? That's what comp.security.announce is for. The vast majority of
: software used under linux is not linux specific. The only real stuff
: that linux specific is in /etc or /sbin and a good chunk of that is
: generic unix software.

Sounds good! I was thinking along the lines of the CERT emails I get
and a linux specific group, but certainly comp.security.announce makes
sense.

Steve...

------------------------------

From: nstn@netcom.com (Nathan Stratton)
Subject: Usenet on my Linux system
Date: Wed, 12 Oct 1994 03:59:38 GMT

Hi, I have my usenet setup, but I have this one little problem. Usenet
is not getting sent out. I get this file called usenet_out.work this
file is growing very fast and no one is posting. My outgoing file
should be called usenet_out what is the .work thing and why is it
growing when no one is posting?

If you can help please send me mail at nathan@novanet.com or
nstn@netcom.com.

Thanks,

--
Nathan Stratton
CEO, NovaNet, Inc.
On-Line Communication Services.

------------------------------

From: becker@cesdis.gsfc.nasa.gov (Donald Becker)
Crossposted-To: comp.os.linux.help
Subject: Re: Telnetd doesn't notice you're gone.
Date: 9 Oct 1994 23:34:44 -0400

In article , Jon Leonard wrote:
>In <374p48$s0t@news.u.washington.edu> ade@cac.washington.edu (Adrian Miranda) writes:
>>Linux telnetd never seems to notice that I've gone away.
>>On most other systems it appears that telnetd periodically checks if it
>>can reach the remote system, and shuts down the connection if it
>>can't.
>>Does anyone have a solution to this?
>
>>Adrian
>
>Are you sure it's telnetd that is doing the checking? I don't know about
>the Linux implementation, but similar behavior on SunOS and HP-UX is
>because the TCP port never closes. There is a TCP keep alive timer, but
>it just doesn't seem to be in all implementations.

The TCP keep-alive timer should not be used to shut down a connection
if the remote end cannot be reached. An implementation that does is
incorrect.

You don't have to take my word on this -- the issue comes up often in
the tcpip newsgroup when someone asks "how can tell when a networked PC
has been turned off".

What the keep-alive packets can do is detect when a machine has been
rebooted and the connection endpoint no longer exists.

--
Donald Becker                                   becker@cesdis.gsfc.nasa.gov
USRA-CESDIS, Center of Excellence in Space Data and Information Sciences.
Code 930.5, Goddard Space Flight Center, Greenbelt, MD. 20771
301-286-0882     http://cesdis.gsfc.nasa.gov/pub/people/becker/whoiam.html

------------------------------

From: becker@cesdis.gsfc.nasa.gov (Donald Becker)
Crossposted-To: comp.os.linux.help
Subject: Re: PC m/boards + ncr PCI (some tips + info)
Date: 9 Oct 1994 23:55:48 -0400

In article , Angelo Haritsis wrote:
>A while ago I asked the net about PCI motherboards that will work
>well with linux and Drew's NCR PCI SCSI driver.
>
>This is a very short summary of ideas I collected from various people
>together with some personal views.

What!? You broke with net tradition and actually posted the promised
summary? And not just as concatenated email? I'm impressed!

> Rumours say that Intel chipset PCI motherboards will have problems
> with more than one bus-mastering PCI board. I have not tried this one
> yet on mine and have nothing to suggest. I also heard that the
> Saturn II chipset is problematic, but this is the one I use
> and it is perfectly ok! Advice: Try to negotiate a 1-2 week money
> back agreement with your supplier, in case the motherboard
> you get has problems with the use you plan for it.

I've been running an ASUS SP3G with the on-board bus-master NCR SCSI
controller and a Boca PCnet/PCI bus-master ethercard. I've had no
problems since I've reverted to the factory BIOS setting.

Sample size: 2 machines x 1 week.

--
Donald Becker                                   becker@cesdis.gsfc.nasa.gov
USRA-CESDIS, Center of Excellence in Space Data and Information Sciences.
Code 930.5, Goddard Space Flight Center, Greenbelt, MD. 20771
301-286-0882     http://cesdis.gsfc.nasa.gov/pub/people/becker/whoiam.html

------------------------------

From: mkshenk@u.washington.edu (M. K. Shenk)
Subject: Re: Please don't post security holess...
Date: 12 Oct 1994 04:39:59 GMT

In article , Orc wrote:
>In article <37cp6s$t3o@nntp1.u.washington.edu>,
>M. K. Shenk wrote:
>>But it's not a dwelling space, and it can be very easily argued (of course,
>>anything can be easily argued by most folks) that infringements on a
>>virtual space, a computer system, should not be treated as seriously as
>>those on a dwelling space.
>
> It's not a "virtual space" -- the machine is sitting there,
>eating electricity and producing heat. If you want to visit it,
>it's simple courtesy to ask first, just as it's considered polite
>to ask someone if you can visit their house.

Yes, it is in the way you are using it. You are not visiting it in a
physical location. All past trespassing laws have been based on this.
The fact that a "trespasser" here is different in a very significant
way merits thought. This is all that I am saying. I never denied it
would be polite to ask first. I stated that there is a difference.
True statement. I did not imply ANYTHING. I made a true statement. A
and B are different. Not that A is wrong and B is not. Or that B should
necessarily be treated differently from A (though it should be
considered.)

------------------------------

From: Juha.Virtanen@iguana.hut.fi (Juha Virtanen)
Subject: Re: Where to find acct for 1.1.49+?
Date: 13 Oct 1994 18:52:41 GMT
Reply-To: jiivee@hut.fi

>>>>> On Sun, 09 Oct 1994 10:06:44 +0930, andrewp@itwhy.bhp.com.au (Andrew PRUSEK) said:

:> Some time ago I had the address for the ftp site that had the process
:> accounting patch for kernel above 1.1.18.

URL: ftp://iguana.hut.fi/pub/linux/sources/Kernel/Patches/acct_for_1.1.48.

This very same patch works fine with Linux-1.1.52, as well, and patches
to Linux-1.1.53, too (though, I haven't tested that kernel yet).

Juha

--
Plääh.

------------------------------

From: robin@pencom.com (Robin D. Wilson)
Subject: Re: Please don't post security holess...
Date: 13 Oct 1994 14:38:17 GMT
Reply-To: robin@pencom.com

In article <37iftu$hf0@nntp1.u.washington.edu> mkshenk@u.washington.edu (M. K. Shenk) writes:
:In article <37gt3n$fn1@digdug.pencom.com>,
:Robin D. Wilson wrote:
:>In article <37foqi$8g2@nntp1.u.washington.edu> mkshenk@u.washington.edu (M.
:>K. Shenk) writes:
:>:In article <1994Oct11.152740.15304@cs.cornell.edu>,
:>:La'szlo' Lada'nyi wrote:
:>:>mkshenk@u.washington.edu (M. K. Shenk) writes:
:>:>[...]
:>:>>>> Penetrating the security of a
:>:>>>> computer system is totally harmless in and of itself.
:>:>>> ^^^ LOOOK! LOOOOK at this! "in and of itself."
:>:>>>This is your opinion, and you would probably find that 99% of
:>:>>>administrators will disagree with you.
:>
:>Mr. Shenk, you are _simply_ (and completely) WRONG! Privacy is a _very_
:>significant thing. You are advocating a way of life that leaves people no
:>choice but to completely conceal their private information within their own
:>heads.
:
:You idiot. Where do you see advocation? Expression of an opinion
:does not imply advocation of anything. What I mean when I am
:saying something is not what you might mean when you were saying the
:same thing. I am advocating nothing. If you cared to read what I am
:saying and not what you would like to hear, you would see that I
:expressly have said that I do not believe this is a 'correct' thing
:to do, merely that it is possible that it can do no harm. Never do I
:say this makes it 'okay' or do I advocate it. Learn to read and think.

"totally harmless"... "in and of itself"... What do you call this other
than a retarded "rationalization" for "it's OK to break in, so long as
you don't do anything but logoff"?

Speaking of "not reading" -- did you bother to read the _rest_ of my
post? For your edification:

If I simply walked up to your front door, picked the lock, opened the
door, and then walked away -- would you feel any less secure? I'll bet
you'd figure out how to put a better lock on the door.

When people put password protection on their systems, it is simply a
means to prevent _unwanted_ access to their systems. People know (most
of them anyway) that the password protection is no more of a guarantee
than a deadbolt on the front door, but it is an attempt -- with the
tools at hand. When you break that protection, you have violated their
_wishes_ (100% of the time -- not even 99%), otherwise they wouldn't
have placed the restriction on the system in the first place. Even if
they have it _poorly_ protected, that simply says more about their
_ability_ to protect the system -- not about their intentions.

How can you reasonably say there was "no harm done"? Stealing privacy
from someone is _significant_ harm -- that goes on harming for a long
time after the original infringement.

:>Clearly, you have a lot to learn about being _human_...
:
:I'm through with this thread. Nobody seems to get it. This (now
:worthless) discussion simply stemmed from a response to a dogmatic view
:about system crackers. I don't care who you express an incorrect
:view about, be it a murderer, I will attack it. This does not
:mean I am defending murder. This does not mean I am advocating murder. Do
:you understand this? Expressly: I do not advocate system cracking. I
:also do not advocate blanket statements about system crackers, murderers
:or anyone else. If you have not the intellectual capacity to understand
:why being correct even in damning someone or some group, no matter how
:much one would like to just damn away indiscriminately, is important, then
:I give up.

_You_ simply didn't get it... It is _not_ a dogmatic view. It is an
_extremely_ personal reaction to a _very_bad_ argument. Compromising
someone's privacy is an _extremely_ serious offense "in and of itself".

--
=============================================================================
*** These are my opinions... Mine! All Mine! Minemineminemineminemine! ***
=============================================================================
Robin D. Wilson              robin@pencom.com         Pencom Software
701 Canyon Bend Dr.                                    9050 Capital of Texas Hwy
Pflugerville, TX 78660                                 Austin, TX 78759

------------------------------

** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and
requests to be added to or deleted from it should be directed, is:

    Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU

You can send mail to the entire list (and comp.os.linux.admin) via:

    Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU

Linux may be obtained via one of these FTP sites:
    nic.funet.fi        pub/OS/Linux
    tsx-11.mit.edu      pub/linux
    sunsite.unc.edu     pub/Linux

End of Linux-Admin Digest
******************************
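
The cron flag-file reboot described in the "shutdown without root access" message earlier in this digest relies entirely on the permissions of /priv for its access control. The following is an added example, not code from the digest or from any poster: a wrapper that root's crontab could call instead of the one-liner, refusing to act unless the directory and flag pass basic checks. The function name, PRIV_OWNER, REBOOT_CMD and the install path are assumptions, and it runs as a dry run unless REBOOT_CMD is overridden.

```shell
#!/bin/sh
# Added example, not code from the digest. Intended to be called from root's
# crontab in place of the one-liner, e.g. (hypothetical install path):
#   * * * * * /usr/local/sbin/reboot-flag --run /priv

PRIV_OWNER="${PRIV_OWNER:-0}"   # uid that must own the flag directory (assumed: root)
REBOOT_CMD="${REBOOT_CMD:-echo would run /sbin/reboot}"   # dry run unless overridden

# honor_reboot_flag DIR
#   returns 0: valid request found, flag consumed, REBOOT_CMD run
#   returns 1: no request pending
#   returns 2: directory or flag failed a safety check, nothing done
honor_reboot_flag() {
    dir=$1
    flag=$dir/reboot

    # The directory is the whole access control. It must be a real directory
    # (find does not follow a symlink named on its command line), owned by
    # the expected uid, and not writable by "other"; group write is how the
    # permitted users are meant to get in.
    ok=$(find "$dir" -prune -type d -user "$PRIV_OWNER" ! -perm -0002 -print 2>/dev/null) || ok=""
    if [ -z "$ok" ]; then
        echo "refusing: $dir missing, a symlink, wrong owner or world-writable" >&2
        return 2
    fi

    # No flag at all (not even a dangling symlink): nothing was requested.
    if [ ! -e "$flag" ] && [ ! -L "$flag" ]; then
        return 1
    fi

    # Only a plain regular file counts as a request.
    if [ -L "$flag" ] || [ ! -f "$flag" ]; then
        echo "refusing: $flag is not a regular file" >&2
        return 2
    fi

    # Record who created the flag before it is removed; the original
    # one-liner leaves no trace of the requester.
    requester=$(ls -ln "$flag" | awk '{print $3}')
    rm -f "$flag" || return 2
    echo "reboot requested by uid $requester via $flag"

    # Deliberately unquoted so a command with arguments is split into words.
    $REBOOT_CMD
}

# Does nothing when sourced or run without --run.
case "${1:-}" in
    --run) honor_reboot_flag "${2:-/priv}" ;;
esac
```
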