search for: juphoff

...s "Linux Security FAQ Updates" and has contributed to a number of other (e.g. CERT, AUSCERT) advisories. I''m still hanging on "in the background" as both lists'' administrator for the time being, however. - --Up. - -- Jeff Uphoff - systems/network admin. | juphoff@nrao.edu National Radio Astronomy Observatory | juphoff@bofh.org.uk Charlottesville, VA, USA | jeff.uphoff@linux.org PGP key available at: http://www.cv.nrao.edu/~juphoff/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface...

...d thus incorrect) modification was done to Ted''s instructions when putting together the initscripts. This means that /dev/urandom is not being re-seeded at boot as expected. If you depend on /dev/*random, the impact is obvious. --Up. -- Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu National Radio Astronomy Observatory | juphoff@bofh.org.uk Charlottesville, VA, USA | jeff.uphoff@linux.org PGP key available at: http://www.cv.nrao.edu/~juphoff/ From mail@mail.redhat.com redhat.com (list@199.183.24.1)

amd from the amd-920824upl102-6.i386.rpm file distributed with RedHat Linux 4.1 does not honor the nodev option for NFS filesystems and probably other mount types, allowing any user access to the device files in /dev on a system, provided that they have root access to another linux box on the network. In addition, the default amd.conf from RH 4.1 maps /net/* to NFS mounting, which makes the bug in

I''m looking for some evidence, backup up with dates and references, that shows that the Linux community responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something

------- start of forwarded message (RFC 934 encapsulation) ------- From: kevingeo@CRUZIO.COM Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> To: BUGTRAQ@NETSPACE.ORG Subject: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files Date: Wed, 25 Feb 1998 05:49:58 -0500 Reply-To: kevingeo@CRUZIO.COM Vulnerable: Everyone who followed the installation instructions and made Quake2

------- start of forwarded message (RFC 934 encapsulation) ------- From: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Approved: alex@bach.cis.temple.edu Sender: Bugtraq List <BUGTRAQ@netspace.org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org> Subject: Buffer overflow in Linux''s login program Date: Sun, 22 Dec 1996 09:27:24 -0600 Reply-To: Joe Zbiciak

[mod: The first message would''ve been rejected on the grounds "no security related information", but it gives ME a warm feeling too, so I''m allowing it to piggyback on the announcement of the "fix". Note that Linux-2.1.63 simply implements a fix for the problem, instead of applying this fix, upgrading to 2.1.63 might be an option for you. Linus indicated that

I think this is an issue of serious interest to many of the subscribers of these lists; it would effectively ban a lot of security-related tools that many of use now find indispensable, e.g. ssh, pgp. ------- Start of forwarded message ------- Date: 21 Mar 1997 10:11:57 GMT From: rja14@cl.cam.ac.uk (Ross Anderson) Approved: R.E.Wolff@BitWizard.nl Subject: DTI proposals on key escrow The British