Displaying 20 results from an estimated 700 matches similar to: "[MOD] About "Security concern""
1997 Jul 31
0
Re: Attack feeling ??
Your message dated: Thu, 31 Jul 97 17:34:01 +0200
> * Drop source routes packets
Drop packets that have a source route flag set. This stops simplest
redirection attacks and should be always set to yes.
> * always defragment
Reassemble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear
1997 Sep 16
8
Re: Security Concern..
[Mod: This message is a reason *why* linux-security is moderated list. This
is also a reason why Rogier, myself, Alan Cox and others really do not want
to have completely open lists that deal with security related aspects of
running a system as way too many people just jump to conclusions and give
suggestions without doing any research on a subject. -- alex (co-moderator
of
1997 May 29
1
Vulnerability of suid/sgid programs using libXt
-----BEGIN PGP SIGNED MESSAGE-----
Buffer overflow in the resource handling code of the libXt (X11R6)
Thu May 29, 1997
Distribution of this document is unlimited
Copyright (C) Alexander O. Yuriev (alex@yuriev.com)
Net Access
Abstract
A buffer overflow was found in the resource handling
1997 Sep 16
0
Re: Re: Security Concern..
In message <199709161652.MAA31468@ding.mailhub.com>, "Alexander O. Yuriev" writes:
>
> [Mod: This message is a reason *why* linux-security is moderated list. This
> is also a reason why Rogier, myself, Alan Cox and others really do not want
> to have completely open lists that deal with security related aspects of
> running a system as way too many people just jump
1997 Feb 24
0
ADMIN: Change of address
-----BEGIN PGP SIGNED MESSAGE-----
As I am sure you noticed from my messages to linux-{security|alert}, I have
changed my primary email address from alex@bach.cis.temple.edu to
alex@yuriev.com. Linux Security WWW will be moved from bach.cis.temple.edu
in the nearest future and while I will continue to mirror pages to make them
accessible at http://bach.cis.temple.edu/linux/linux-security/, please
1998 Apr 11
0
Linux libc5.4.33 dumbness w/ mk[s]temp()
Linux libc5.4.33's mk[s]temp() functions require 6 X's at the end of
a filename (the BSD versions I've seen are a bit more flexible). This alone
is enough to break any claims to real BSD compatibility, but wait, there's
more:
Only 1 of those 6 X's are really unique. The rest are simply pid.
So you can create exactly 62 temp files using mk[s]temp()
1998 May 09
4
Apparent SNMP remote-root vulnerability.
I just had a remote root break-in on my machine (x86 running Red Hat Linux
5.0 with all the updates except for kernel-2.0.32-3) this morning at
06:03:28 EDT. From what I've been able to gather, it appears to have been
through snmpd, which I missed when I was weeding out unused daemons.
Sorry for the feeble message, but all I know (or at least strongly
suspect) is that there's a
1997 Mar 24
1
More sendmail problems... Partition your disks!
This is yet-another reason to _partition_ your disks. Of course hard links
do not work across filesystems. Even though it is a pain in the neck to do
when installing your operating system, think about separating critical
system files from non-critical and non-system files from system files. I
would say that the following layout is a good place to start:
/
/usr (nosuid,nodev,ro)
/usr/local
1996 Nov 22
0
LSF Update#14: Vulnerability of the lpr program.
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.1 1996/11/22 21:42:46 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Thu Nov 21 22:24:12 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and it's actually quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1)
1999 Dec 13
0
SUMMARY: IMAP security across the net
Since the number of responses to my query was large, Roger has asked
me to summarise the information.
The summary is listed below
Thanks to all the people who bothered to help me out:
Alan Mead <adm@ipat.com>
Beattie, Jay <JBeattie@accdir.com>
Bruce Elrick <bruce.elrick@saltus.ab.ca>
Christian Hammers <ch@lathspell.westend.com>
David J. M. Karlsen
1997 May 26
1
FYI: Possible information disclosure in cfingerd.
Hi,
This is FYI. Let's not start discussion on a topic of "my fingerd is
better than yours".
Alex
------- Forwarded Message
Return-Path: owner-bugtraq@NETSPACE.ORG
Message-ID: <199705240145.WAA11413@morcego.linkway.com.br>
Date: Fri, 23 May 1997 22:45:04 -0300
Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
1997 Mar 23
0
ADMIN: undeliverable email
Hi,
This is just a pre-warning. I am in a process of implementing a
filter that would automatically unsubscribe email addresses that cause
permanent delivery errors, mostly user-unknown.
Addresses that return "host unknown" and similar will be placed
into removal queue for 1 week from which they would be removed upon
successful delivery. Otherwise, if after 1 week the error does not
1997 Mar 24
0
Re: [linux-alert] More sendmail problems... Partition your disks!
[Mod: redirected to linux-security --alex]
On Mon, 24 Mar 1997, Alexander O. Yuriev wrote:
>This is yet-another reason to _partition_ your disks. Of course hard links
>do not work across filesystems. Even though it is a pain in the neck to do
>when installing your operating system, think about separating critical
>system files from non-critical and non-system files from system
1996 Nov 18
0
New moderator, linux-alert lists' consolidation.
-----BEGIN PGP SIGNED MESSAGE-----
The linux-alert-digest list has now been consolidated with the
linux-alert list.
There wasn't nearly enough traffic on the linux-alert list to justify
its having a separate digest list; subscribers to linux-alert-digest
tended to receive the same number of e-mail messages as subscribers to
linux-alert, only with an additional time lag of up to a
1996 Nov 25
0
LSF Update#14 v1.2 "lpr vulnerability"
-----BEGIN PGP SIGNED MESSAGE-----
$Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $
Linux Security FAQ Update
lpr Vulnerability
Mon Nov 25 16:56:59 EST 1996
Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
1999 Jun 04
0
Forw: 2.2.x kernel vulnerability
below.
Dan
___________________________________________________________________________
Dan Yocum | Phone: (630) 840-8525
Linux/Unix System Administrator | Fax: (630) 840-6345
Computing Division OSS/FSS | email: yocum@fnal.gov .~. L
Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I
P.O. Box 500 |
1997 Dec 17
0
userv - how to make cron (et al) not setuid
[Mod: chat removed -- alex]
From: userv-maint@chiark.greenend.org.uk (Ian Jackson)
Approved: alex@yuriev.com
To: linux-security@redhat.com
Subject: userv - how to make cron (et al) not setuid
0. Introduction
Some time ago I posted on linux-security to say that I was working on
a client/server pair which would allow you to invoke a privileged
service in a more secure manner. I've now
1998 Jan 07
0
FYI: Apache security advisory
[Mod: headers removed -- alex]
------- Forwarded Message
Reply-To: Marc Slemko <marcs@ZNEP.COM>
Sender: alan@cymru.net
From: Marc Slemko <marcs@ZNEP.COM>
Approved: alex@yuriev.com
Subject: Apache security advisory
X-To: apache-announce@apache.org
To: BUGTRAQ@NETSPACE.ORG
[ Copies of this are being sent to BUGTRAQ, apache-announce,
comp.infosystems.www.servers.unix, and
2016 Apr 19
0
multiboot.mod and module.mod missing in grub-efi-arm64
Hallo,
I am currently installing XEN on an ARM64 EFI machine. (Debian
Testing), Therefore, I installed the following packages:
__________________________________________________________________
root@armbox:/etc# dpkg -l "xen*" | awk '/^ii/ {print $2 "\t\t" $3}'
xen-hypervisor-4.6-arm64 4.6.0-1+nmu2
xenstore-utils 4.6.0-1+nmu2
root@