From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Tue, 6 Sep 94 20:13:24 EDT Subject: Linux-Admin Digest #31 Linux-Admin Digest #31, Volume #2 Tue, 6 Sep 94 20:13:24 EDT Contents: Re: WARNING about shadow-mk package (Peter Dalgaard SFE) Re: UID 0 Passwd blues (Joe Zbiciak) Re: Timing out connections? (Herbie Pearthree) Re: [ALERT] Password problem with Linux (James Beckwith) Re: Xircom under Linux ? (laboratorium dydaktyczne) Unremovable inode! HELP (Raghunath K. Rao) Re: What MTU for SLIP links ? (Alan Cox) Re: [ALERT] Password problem with Linux (Tracy R. Reed) "write" with shell? (Emarit Ranu) Re: WARNING about shadow-mk package (Joe Zbiciak) HELP Security Access (Larry Schmitt) Re: virtual memory exhausted error (Joe Dane) Request for XConfig (JASON H KELTZ) Re: PPPD permissions (Thomas Quinot) Re: ? Kernel (1.1.47) ftape incompatibility (Oz Dror) Re: Slackware on CD-ROM [?] (Eric Kwok-Wai Ng) Re: WARNING about shadow-mk package (Viktor T. Toth) ---------------------------------------------------------------------------- From: pd@kubism.ku.dk (Peter Dalgaard SFE) Subject: Re: WARNING about shadow-mk package Date: 6 Sep 1994 16:24:09 GMT In im14u2c@cegt201.bradley.edu (Joe Zbiciak) writes: >In <34a0m7$5l9@news.xs4all.nl> bjdouma@xs4all.nl (Bauke Jan Douma) writes: >>In article <34600t$l3r@news.xs4all.nl>, bjdouma wrote: >>>Here's the snippet from the Makefile where login is installed: >>> >>> install -m4755 login $(LOGINDIR)/_login >>> install -m4711 login.secure $(LOGINDIR)/login >>> >>>So how secure can it be that there are no sources. >>>Just asking. >I apologize. I am the author of the /bin/login replacement that is included >in the shadow-mk package. Mohan Kokal, the author of the shadow-mk package, >is not to blame. I had asked him not to distribute my (ugly) source. :-) This seem to settle that login.secure is indeed completely innocent. HOWEVER: May I ask a stupid question? Why is the original login being installed setuid? As far as I can see, nothing is keeping users from just typing /bin/_login -froot, and exploit the original security hole.... (Permissions should be 744 or something like that) -- O_ ---- Peter Dalgaard c/ /' --- Dept. of Biostatistics ( ) \( ) -- University of Copenhagen ~~~~~~~~~~ - (pd@kubism.ku.dk) ------------------------------ From: im14u2c@cegt201.bradley.edu (Joe Zbiciak) Subject: Re: UID 0 Passwd blues Date: 6 Sep 1994 12:44:14 -0500 In <34hi6r$o5d@harbinger.cc.monash.edu.au> kevinl@bruce.cs.monash.edu.au (Kevin Lentin) writes: >Anton de Wet (adw@Chopin.rau.ac.za) wrote: >> I ran accross an inconvenient ``feature'' of the passwd program yesterday. >> On one of our Linux boxes we have 3 UID 0 users --- root and two others. >> Since initial setup a week ago, everything was working fine, but suddenly >> the root password was invalid :-( After some investigation and experimenting >> we found that one of the users had changed his password and that this changes >> all the UID 0 passwords to the same thing. >Having multiple accounts with the same uid and different names are bound to >cause trouble. Some programs may use other methods besides getuid() to >figure out who you are. $LOGNAME. getlogin(), who knows what they might >return. Very true, but not too much of a problem. On my system, I have two root accounts, both with the same password. Why? 'Cause I like to be logged in as root, but I feel showing up as root is bad form. So, I log in as someone else. Everything works ok though. Note that anything root is disallowed to do, such as ftp or login via remote, the alternate root is also disallowed from doing, though. In fact, the second root login is a bit of a joke: Login:*:0:0:Name,Office ,Office Phone,Home Phone,:/Directory:Shell (BTW, I made links from /Directory to ~root, and /Shell to /bin/bash....) Try creating a similar user and fingering them... :-) (You may wanna change the UID if you fear a security risk.) >necessary. Do your root users change so frequently that it's aproblem? Why >not just have one root account and let the people all use 'su'? A better solution would be to investigate "sudo" that comes with newer Slackware distributions. It allows "blessed persons" to "do super things." A configuration file can be made that says just what sudo privs each user has, and all that was done with sudo. Bear in mind if a user is UID 0, there is *no stopping* that person from circumventing anything you might do to keep them from taking over the entire system. Use 'su' or 'sudo' rather than making three root accounts. >If you must have multiple users, could you not put them all in one group >(eg wheel) and then have a setuid root shell that is only executable by >group wheel. I'm sure this opens up a security hole but probably nothing >worse than you're already faced with. suid-root shells are limited in scope: Some things just don't work. >> Is this supposed to be so? I think not. What is the easiest way to fix it? >> (I'm using Slackware 2.0 distribution) Definately look into "sudo" then. --Joe ------------------------------ From: HPear3@ind.net (Herbie Pearthree) Subject: Re: Timing out connections? Date: Tue, 6 Sep 1994 16:35:38 GMT In article <1994Sep4.040045.18857@dithots.org>, gwp@dithots.org (George W. Pogue) wrote: > I know this has been asked, but I may have missed the answer. Is there a > way if someone dials into the system, and then goes on vacation, to have > the system hang them up? Get idlelogout.tart.gz (also called autologout) from sunsite.unc.edu. I don't remember the path. It is also on my server ftp.ind.net in pub/ftpdir/linux/apps/idleout.tar.gz. This will log them off your host...Herbie -- Herbie Pearthree, INDnet Sr. Network Engineer Indiana Higher Education Telecommunication System ------------------------------ From: James Beckwith Subject: Re: [ALERT] Password problem with Linux Date: 6 Sep 1994 16:51:22 GMT In article <34h2rl$b37@stratus.skypoint.com> , gaj@skypoint.com writes: >flame, but lets not shoot ourselves in the foot... I hope this isn't TOO inappropriate a spot, but liked the *patience* with newbie note. I am newbie enough that often the sarcasm is lost on me, but appreciate the answers that go with it. BTW, 30 years at least can't really be that long. By my calc, U*IX passwords can't be over 22 years old. Any suggestions about using a cracker to check out new passwords before saving them? ------------------------------ From: stud37@sun1000.ci.pwr.wroc.pl (laboratorium dydaktyczne) Subject: Re: Xircom under Linux ? Date: 6 Sep 1994 16:15:16 GMT Werder Christian (ib93werd@htl-bw.ch) wrote: : --------> HELP : I've bought a Xircom Ethernet-Adapter, and now I have Don't do that. : a big problem !!!!! Yes, a big problem. : Is there a chance to install it under Linux ??? No. :-( : The matter is that I didn't found any driver for it :-( : Can anybody help me ??? : Thanks. Read the Ethernet-HOWTO before buying ethernet adapters for Linux. Xircom doesn't want to release programming information, which is their "proprietary trade secret". Unless they change their policy, their adapters will not be supported by Linux. If they don't support open operating systems, just don't buy their products. Try to sell your Xircom adapter to someone who only uses DOS/Novell/whatever, and buy 3c503, ne2000, smc/wd8013 etc. Same problem with some Cabletron ethernet adapters (except E21xx), Diamond Stealth SVGA cards, and APC Smart-UPSes. :-( Hope this helps. Marek Michalkiewicz marekm@i17linuxa.ists.pwr.wroc.pl || stud37@ci3ux.ci.pwr.wroc.pl ------------------------------ Crossposted-To: comp.os.linux.help From: thssrkr@iitmax.iit.edu (Raghunath K. Rao) Subject: Unremovable inode! HELP Date: Tue, 6 Sep 94 16:22:36 GMT Hi, Recently I had to delete my /var/log/notice file since it became too large (14 Mb). It was logging an ethernet card error continuously! But then I found the space for that deleted file was not freed. So I ran an e2fsck and then the file appeared in /lost+found. But again it was undeletable! I dont know how this can happen. Well, finally (since I needed the space), I rm'ed the file, and then used e2fsck, but this time I didn't move the inode to lost+found, but just unmarked all the blocks used by it. So I now have the space I need, but I still can't delete the *&$% inode. No problems right now in the system, but I dont like that inode to be left allocated. Anyone know of a fix???? Thanks a lot Raghu ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: What MTU for SLIP links ? Date: Tue, 6 Sep 1994 16:29:13 GMT In article erik@Elbereth.thur.de (Erik Heinz) writes: >What MTU should one choose for a SLIP link using recent 1.1.* kernels? >What is the maximum value, and what is a good choice? Max is about 32000 bytes but I wouldn't recommend it. BSD systems tend to use 1006 bytes. Others 576 or 296. It's a trade off. The higher you make it the more efficient block transfers are and the less pleasant a telnet session while doing an ftp is. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: treed@ucssun1.sdsu.edu (Tracy R. Reed) Subject: Re: [ALERT] Password problem with Linux Date: 6 Sep 1994 18:38:11 GMT James Beckwith (beckwith@io.org) wrote: : Any suggestions about using a cracker to check out new passwords before : saving them? There are a couple of utilities on sunsite that do this. One is called Crack, I don't remember what the other is called. One of them scans your passwd file for easily guessed passwds and find files with inappropriate permissions, etc. It's really sort of neat. -- ============================================================================= Mr. Tracy Reed |Every artist is a cannibal.| Why did dad cry San Diego State Univ. |Every poet is a thief. | when I gave him Aerospace Engineering |All kill their inspiration | Willmaker 1.0? treed@ucssun1.sdsu.edu |And sing about their grief.| treed@tbn-bbs.com |-U2 IRC-Maelcum /me smiles | ============================================================================= ------------------------------ From: drranu@lamar.ColoState.EDU (Emarit Ranu) Subject: "write" with shell? Date: 6 Sep 1994 19:01:37 GMT On the AIX machine on campus here, the "/usr/bin/write" has a nice fancy feature where one can type "!" as the first character on a new line and everything typed afterwards is interpreted by "/bin/sh". So if, while in a "write", I type on a new line: !ls -l /bin I get just that. Is there a source code for "write" that compiles under Linux with this same feature? If there is, please direct me to it. Thank you! -- -Emarit drranu@lamar.ColoState.EDU KG0CQ _._ __. _____ _._. __._ ------------------------------ From: im14u2c@cegt201.bradley.edu (Joe Zbiciak) Subject: Re: WARNING about shadow-mk package Date: 6 Sep 1994 12:25:17 -0500 In <34i539$549@news.uni-c.dk> pd@kubism.ku.dk (Peter Dalgaard SFE) writes: >In im14u2c@cegt201.bradley.edu (Joe Zbiciak) writes: >>In <34a0m7$5l9@news.xs4all.nl> bjdouma@xs4all.nl (Bauke Jan Douma) writes: >>>In article <34600t$l3r@news.xs4all.nl>, bjdouma wrote: >>>>Here's the snippet from the Makefile where login is installed: >>>> >>>> install -m4755 login $(LOGINDIR)/_login >This seem to settle that login.secure is indeed completely >innocent. HOWEVER: May I ask a stupid question? Why is the >original login being installed setuid? As far as I can see, >nothing is keeping users from just typing /bin/_login -froot, >and exploit the original security hole.... (Permissions should >be 744 or something like that) This is indeed a valid question. The correct permissions for /bin/_login should be either 4500 or 0500, not 4755. I spoke with Mohan just now, and he seems to think that later in the install, the permissions on /bin/_login get fixed. The reason for having them set 4755 at the start is that in case /bin/login goes caputz, one is still able to rescue the original /bin/login to rectify the situation. Indeed on "asylum," my personal box, /bin/_login has permissions of 4500. I will investigate this situation further. --Joseph R.M. Zbiciak Systems Admintrator & Programmer Texas Networking Systems, Inc DISCLAIMER: Neither this post, nor any other post made by me, reflects the opinions of my various employers, unless EXPLICITLY stated. All opinions stated herein are mine unless otherwise noted. := Joe Zbiciak == im14u2c@ =: :- - cegt201.bradley.edu - -: If it works, Don't fix it. : - camelot.bradley.edu - : :-Finger for PGP Public Key-: :===========================: ------------------------------ From: schmittl@cc.memphis.edu (Larry Schmitt) Subject: HELP Security Access Date: 6 Sep 94 12:50:39 -0500 Help - We just installed Slackware 1.2 using the standard installation. We now have an interesting situation. It is possible to use telnet and ftp out of the machine. Mail works in and out of the machine but it is impossible to either telnet, rlogin or ftp in to the machine. In telnet the following prompt is received when telnet is attempted, but no login prompt is ever issued. /home/lschmitt > telnet thunderbird Trying 198.78.128.202... Connected to thunderbird.cbu.edu. Escape character is '^]'. /home/lschmitt > ftp thunderbird Connected to thunderbird.cbu.edu. 421 Service not available, remote server has closed connection We have gone through the RC and config files and there is no obvious problem. The command xhost + when executed, gives no errors and says that security is removed but this does not help the situation. Inetd is running. Has anyone seen this before?? Any ideas will be greatly appreciated. We have successfully installed Linux using slackware 1.2 on two other machines with no problem. ------------------------------ From: dane@electron.ps.uci.edu (Joe Dane) Subject: Re: virtual memory exhausted error Date: 6 Sep 94 17:55:29 GMT Are you sure there's a swapon command in your /etc/rc* files? Use grep to look around for it. -- Joseph Dane "We have lingered in the chambers of the sea UC Irvine Physics By sea-girls wreathed with seaweed red and brown dane@nucleus.ps.uci.edu Til human voices wake us, and we drown." (714)725-2606 T.S. Eliot ------------------------------ From: cs911089@ariel.cs.yorku.ca (JASON H KELTZ) Subject: Request for XConfig Date: Tue, 6 Sep 1994 17:35:14 GMT I recently set up Slackware Linux 2.0.0 on my machine. I have been trying to set up XFree, but I'm finding the XConfig a bit confusing. Though I have it working with standard VESA settings, I was wondering if someone might be able to provide me with a better XConfig. My monitor is an ATI Graphics Ultra Pro (ISA), and I'm using a NEC MultiSync 3V monitor. The configuration program that came with XFree doesn't mention my monitor. Of course, if someone could tell me where I could get more detailed information on the XConfig file that would be great too. The two particular problems I'm having are with the "Clocks" section, and the "modedb" section. If someone can help me out, I'd be very greatful. I've just joined this newsgroup as well, so if this is a bad place to post this kind of message, please direct me to a better place. Thanks! Jason Keltz cs911089@ariel.cs.yorku.ca ------------------------------ From: thomas@melchior.frmug.fr.net (Thomas Quinot) Subject: Re: PPPD permissions Date: 5 Sep 1994 15:33:08 +0200 Le Prostetnic Vogon Gregory Trubetskoy écrit : > What should I do to make this permitted? Somewhere in the README's it sais > that pppd should be run by root - but how, then, I set up a ppp login > without making the ppp user a root equivalent? > Am I missing something obvious? Run either ppplogin or pppd setuid root :-) > P.S. The new nag is great, my hat is off to Olaf Kirch, but page 146 (post > script version), "Configuring a PPP Server" obviously hasn't been proofread > - check out the lower paragraph. Hum... ppp has changed quickly since the nag was published, I'm afraid. What you could do is mail an update to O. Kirsch for inclusion in future revisions. -- Thomas QUINOT | "Un roi sans divertissement est un | homme plein de misère." Linux - choice of a GNU generation | Jean GIONO ------------------------------ From: dror@netcom.com (Oz Dror) Subject: Re: ? Kernel (1.1.47) ftape incompatibility Date: Tue, 6 Sep 1994 17:47:39 GMT Upgrading the kernel to 1.1.49, and installing the latest patches of ftape did not solve the problem. I think that there is a bug in the ftape kernel combination. No system driver should be causing segmentation fault. My guss is that it is related to DMA access. -Oz -- NAME Oz Dror, Los Angeles, California SMAIL dror@netcom.com PHONE (213) 874-7978 Fax (213) 874-7965 ------------------------------ From: w1i1@ugrad.cs.ubc.ca (Eric Kwok-Wai Ng) Subject: Re: Slackware on CD-ROM [?] Date: 6 Sep 1994 11:19:12 -0700 >I use the infomagic cd-rom and am satisfied with it. It contains a lot more in >addition to slackware, like the sls distribution. Plenty of stuff for you to >play around. The thing I like about it is it is a prefect replica of slackware >2.0 and everything I have used so far works without trouble. Sure beats >copying to floppy and installing. > >Try ACC Bookstore in Connecticut at 1-800-546-7274 > >The cost of the 2-CD set is about $20 and you pay about $5 for UPS ground. > >-- I also brought the infomagic cd-rom, but I didn't know how to install it from CD-ROM, did you use slakeware 2.0 to install from CD-ROM to hard drive or just run directly form CD-ROM, since only have a small hard-driver , I want to run directly from CD-ROM, except for the x - windows. I had read the readme file in disk2, and it told to just to link the directory LIVE from the CD-ROM, but it does not mention how to do that, would you tell the methods that you install the CD-ROM, step by step since I am just a new user of Linux . Thank you! > > ------------------------------ From: vttoth@vttoth.com (Viktor T. Toth) Crossposted-To: comp.os.linux.development,comp.os.linux.help,comp.os.linux.misc Subject: Re: WARNING about shadow-mk package Date: Tue, 6 Sep 1994 12:31:08 In article im14u2c@cegt201.bradley.edu (Joe Zbiciak) writes: >And again: I do apologize for any inconvenience this may have caused >anyone. The shadow-mk package is not insecure. The login.secure is >indeed what it was titled. I do hope that this post lays to rest any >suspicion about the shadow-mk package, its contents, and its author. >I also apologize to Mohan Kokal for not realizing that such a small piece >of code would cause such a large number of people to label him as a >cheap-and-dirty cracker. I have been reading this thread with great interest; first, I became (as did many others) concerned about the possibility that code was distributed with ill intent (even though I am not presently a user of the shadow-mk package); later, I was simply curious as to the resolution of this. Let me just say something LOUD AND CLEAR: I do *NOT* believe that you have any reason to apologize to anyone. There was a sad misunderstanding here; with the ever-present threat of viruses, trojan horses, and what not, people have a good reason to be concerned; but all YOU did was provide the result of your labors for all of us to use and enjoy, for which the least that you deserve is our thanks. There is absolutely no reason for you to feel guilty when you have contributed good code to the public domain. I do not believe that the original poster has any reason to feel guilty either. He did the right thing; posted a warning to all of us when there was reason to believe that code with ill-intent was circulating and executing regularly on our machines with root privileges. Unfortunately, no matter how tactful you are, this is something that's very difficult to do without implicating the author of the code in question. So anyways, all I meant to say (since it appears nobody else said it) is that you should both be thanked by the rest of us. Viktor ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************