search for: dholland

I''ve been poking around my system, and realized that having a tftp server would be handy. (I''m working with cisco routers, which have the capability to up and download configuration images via tftp.) However, I''m not content with the usual tftpd that comes with Linux. The whole "specify each directory you want" scheme is cock-eyed to me. I''d prefer

...oesn''t require changing any binaries. (I''m sending a copy of this to linux-kernel, but since I''m not on it at the moment I''d appreciate if any discussion there would keep me on the cc list.) -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

...lled devinfo and makedev.cfg files. If you don''t have pgp and don''t know how to fix a patch that pgp has signed, you can get the patch from the hcs ftp site, although I did not upload it to sunsite. If you have questions or concerns, feel free to mail me. David A. Holland dholland@hcs.harvard.edu diff -r -u -N makedev-1.6/README makedev-1.6.1/README - --- makedev-1.6/README Sat Feb 1 02:32:23 1997 +++ makedev-1.6.1/README Thu Apr 24 10:04:19 1997 @@ -6,6 +6,11 @@ /etc/devinfo. The config file is intended to be fairly human-readable, as well as machine-readable. +New in...

Hi. I don''t know if this one is known, but I can''t recall seeing anything about it. If it is old news I apologize. I discovered a bug in the inetd that comes with NetKit-B-0-08 and older. If a single SYN is sent to port 13 of the server, inetd will die of Broken Pipe: write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) ---

...nd rwhod an rwho packet, it blindly assumes you are who the packet says you are. That is to say, it looks as if any host can inject false rwho data for any other host. I''m not convinced this is worth fixing. Opinions? -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

x-kernel@vger.rutgers.edu Subject: Re: tty chowning Newsgroups: mail.linux.kernel In-Reply-To: <199709261901.PAA04763@dcl.MIT.EDU> Organization: Cc: Bcc: "Theodore Y. Ts''o" <tytso@MIT.EDU> writes: > David Holland <dholland@eecs.harvard.edu> writes: > } Why not build chowning into this process? On TIOCSCTTY, the tty would > } chown itself to the effective uid of the current process and chmod > } itself to 620. Then, on close, the tty would chown itself back to > } root and chmod itself to 666. > >...

...uffer overrun problem that is almost certainly exploitable. Note that this gives access to the tty group, but not (directly) root. The fix is to change the two sprintfs to snprintfs. Patches have been mailed to the maintainer. -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

...een CERT and the linux-security lists). The fact that I recognise a bug doesn''t mean it''s been seen on linux-security. I hadn''t noticed the date on the advisory. Sorry for the extra traffic. -- REW] -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino

...seems that sending xterm an excessively long escape sequence kills it (and perchance might be made to hack it, which would be quite bad.) The xterm in XFree86-3.2 is immune to this problem. I recommend everyone upgrade ASAP. -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino From mail@mail.redhat.com Thu Nov 14 17:36:24 1996

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

[Mod: This message is a reason *why* linux-security is moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any reasearch on a subject. -- alex (co-moderator of

[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW] -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######.

I''m looking for some evidence, backup up with dates and references, that shows that the Linux community responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something

ugh :) Today I became infected with the bliss virus, any info on this would be appreciated! How do I scan for files infected and is it possible to remove it? I first noticed the infection when running a program (not as root) messages flashed on the screen about transversing directories and such. The program (gimp) had been working fine since I downloaded the binary for gimp from their main