From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Fri, 15 Oct 93 04:24:41 EDT Subject: Linux-Admin Digest #110 Linux-Admin Digest #110, Volume #1 Fri, 15 Oct 93 04:24:41 EDT Contents: Re: User acct problems with emacs (Norbert J. Girardi) Re: Problems starting X (Roland King) Re: OS programming in unix ? (David Kraus) Re: talk between linux-systems and Suns (Robert W. Brewer) Re: OS programming in unix ? (Jonathan Magid) Re: Bootdisk made by SLS install hangs during boot (Kevin Brown) Re: [Summary] /etc/shutdown by non-root (Theodore Y. Ts'o) Re: Problems starting X (Clemens Huebner) Re: Shadow Passwords? (Dominik Kubla) Re: OS programming in unix ? (Dominik Kubla) ---------------------------------------------------------------------------- From: girardi@rniil.rni.sub.org (Norbert J. Girardi) Subject: Re: User acct problems with emacs Date: Thu, 14 Oct 1993 20:48:28 GMT James F Hall (ph9991ha@uwrf.edu) wrote: : I created a user account for myself, and found that I could not use emacs : the way I could (and still can) under root. I am wondering what is wrong. : I'd like to fix that. I looked through the FAQ, and tried to read all : the man's I could, but to no help. Any suggestions? Email please. Take a look at your "/" directory and you will probably find an ".emacs" file. This file contains the user dependent emacs settings. Copy it over to the user's $HOME directory and everything should be fine. Two comments, although there is a big flame war in c.o.l.development already going on: 1. This question is *NOT* LINUX related. It should have been asked in gnu.emacs.help. 2. It is kind of impolite to ask for an eMail reply since other people might also be interested in an answer. People trying to help are wading through tons of noise in these groups. Therefore, people asking questions should do so, too. Either to get answers to their questions - even before asked (preferred method) - or to pick up an answer to a posted question (and learning a lot from other questions/answers). - Norbert -- SSSSSS SQUAREDANCE is FRIENDSHIP set to MUSIC. S QQSQQQ Norbert J. Girardi < girardi@rniil.rni.sub.org > SSSQSS Q Voice: +49 621 493417 (h) +49 621 381-3260 (w) QQQQQQ If you know how to REPAIR YOUR SQUARE :-) drop me a line ------------------------------ From: rols@xtc.shearson.com (Roland King) Subject: Re: Problems starting X Date: Fri, 15 Oct 1993 13:06:04 GMT In article <1993Oct13.180531.7362@leland.Stanford.EDU> suhail@leland.Stanford.EDU (Suhail Qadeer) writes: I have an ATI mach-32 video card. I get the followin messages when I start X. I get the following messages and X startup fails. Please help..... ................Start of output.............................. ------ stuff deleted -------- ATI driver requires "clocks" to be set in Xconfig! Clocks 18 22 25 28 36 44 50 56 30 32 37 39 40 0 75 65 VGA256: 'ati' is an invalid chipset *** None of the configured devices was detected.*** Fatal server error: no screens found xinit: No such file or directory (errno 2): unexpected signal 13 ....................End of output...................................... Add the Clocks line, just like it says, to the vga256 section of Xconfig and (at least 2) of the default screen modes will work. If you get it going, can you mail me if you have problems getting back to text mode again. Every now and again, I get vertical black and white bars and no text mode when I get out of X (particularly when I use ctrl-alt-backspace) and I have to reboot. Cheers Roland ------------------------------ From: kraus@rtsg.mot.com (David Kraus) Subject: Re: OS programming in unix ? Date: 14 Oct 93 17:33:25 > Does anyone know of a good book that teaches programming unix (ie using > system calls and so forth) if so can I get title and author. > BTW I am a good C programmer, i just have never written anything to interact > with unix OS. So a newbie book is NOT what I am looking for. If you're looking for a C programming reference, there are two that will be of great use with Linux. Both come from O'Reilly & Associates: Using C on the UNIX System By Dave Curry ISBN 0-937175-23-4 POSIX Programmer's Guide By Donald Lewine ISBN 0-937175-73-0 If you're new to the UNIX way in general, there are quite a few intro books, including books on shell programming. In general, these are of limited use, but you might consider them if you've had limited experience in writing scripts and using pipes and I/O redirection. O'Reilly has one that might be useful: Learning the UNIX Operating System By Grace Todino & John Strang ISBN 0-937175-16-1 Good luck. -- Dave Kraus Internet: kraus@rtsg.mot.com Motorola Cellular Infrastructure Group FidoNet : 1:115/439.8 Disclaimer: My employer's views and my views may necessarily differ. "Sun to burn out in 1.5 billion years! Clinton has a plan." - Outland ------------------------------ From: rbrewer@rwb114.rh.psu.edu (Robert W. Brewer) Subject: Re: talk between linux-systems and Suns Date: 15 Oct 1993 02:48:40 GMT Reply-To: rbrewer@psu.edu Arnt Gulbrandsen (agulbra@nvg.unit.no) wrote: >The solution is for Sun to use the new one, but in the meantime you >can get and install ytalk on both machines. The latest version is >3.0.1. It's in the USENET sources archives, and I can make it >avialable for FTP if anyone wants me to. I tried compiling ytalk a week or two ago and it didn't work for me. There were just too many compiler errors for me to figure out. Any hints? I'd rather not snarf a binary for it, but even so I haven't seen one either. Thanks. -Rob -- Robert W. Brewer Finger for PGP public key... ------------------------------ From: jem@sunSITE.unc.edu (Jonathan Magid) Subject: Re: OS programming in unix ? Date: 15 Oct 1993 03:05:28 GMT In article <1993Oct14.130303.18000@cobra.uni.edu>, wrote: >Hey, > >Does anyone know of a good book that teaches programming unix (ie using >system calls and so forth) if so can I get title and author. >BTW I am a good C programmer, i just have never written anything to interact >with unix OS. So a newbie book is NOT what I am looking for. The best book of that sort that I have seen is Richard Steven's _Advanced Programming in the Unix Environment_. Its big (the only technical book I've seen which justifies its high price in the number of pages) and easy to read. Here's the neccesaries: Title: Advanced Programming in The Unix Environment Author: Richard Stevens Publisher: Addison-Wesley Edition: 1992 ISBN: 0-201-56317-7 jem. ------------------------------ Crossposted-To: comp.os.linux,comp.os.linux.misc,comp.os.linux.help From: kevin@frobozz.sccsi.com (Kevin Brown) Subject: Re: Bootdisk made by SLS install hangs during boot Date: Fri, 15 Oct 1993 01:26:00 GMT In article <2925osINN8h5@gap.caltech.edu> ernst@isis.klab.caltech.edu (Ernst Niebur) writes: >In article frank@manua.gsfc.nasa.gov (Frank Chen) writes: >>Same thing happened to me on a Laptop 386SX. >>.... > >Hm, I was convinced that I made a stupid beginner's mistake, but maybe >for once it is NOT me. > >My boot disk made by SLS does not work, either. I just installed the >last version of SLS ("0.99.12 #6 from August 10") and my boot floppy >(made at the end of the installation menu) stops right after saying > >"Press to see SVGA modes available, to continue or >wait 30 secs > >I waited for a LONG time (several minutes) but nothing happened. If you didn't press , then you might want to try that. >I also tried to make a boot disk by the method described in the >"Installation Guide" book (great book, btw!), but this did not work, >either. For the record, I did the following (being root in /): > >rdev zImage /dev/hda2 # ( I have a zImage in / ) Okay so far... >mke2fs /dev/fd0 1440 This isn't necessary. In fact, the fact that you had a mounted filesystem on the device might be why you had problems. >mount -t ext2 /dev/fd0 /floppy # I created a directory /floppy previously, Now you have a filesystem mounted on /dev/fd0, which means that the superblock has been loaded into memory. >cp /zImage /dev/fd0 # although it does not seem to be used here This is okay, too, despite claims to the contrary. >unmount /dev/fd0 *This* is likely to be why you had problems. Unmounting a read/write filesystem will cause the superblock to be written back to the device if there have been any changes, and perhaps even if there haven't been any changes (though it doesn't look like it, given what the source code seems to be saying). Was there activity on the floppy disk when you umounted it? >This stopped with > >Uncompressing Linux... > >invalid compressed format Yup. This is probably because you umounted a filesystem that resided on the same device. Try the following: rdev zImage /dev/hda2 # already done, so this isn't necessary. cp zImage /dev/fd0 sync # *Always* sync to be on the safe side. And then reboot. -- Kevin Brown kevin@frobozz.sccsi.com This is your .signature virus: < begin 644 .signature (9V]T8VAA(0K0z end > This is your .signature virus on drugs: <> Any questions? ------------------------------ From: tytso@athena.mit.edu (Theodore Y. Ts'o) Crossposted-To: comp.unix.admin Subject: Re: [Summary] /etc/shutdown by non-root Date: 15 Oct 1993 05:08:32 GMT Mea culpa, mea culpa, mea maxima culpa.... In my rush to respond negatively to your claims that the >Linux (well, at least version 0.99.11) passes the filename as "./-" >rather than plain "-". I made some mistaken statements about argv handling in shell scripts. Part of it was that I thought you were saying that Linux was changing argv[0] for non-shell script execve's, which was just confusion on my part. So let me set the record straight about what actually happens: For a non #! interpreted execve, argv[] is passed through unmodified to the exec'ed programed. For a #! interpreted execve, the following arguments are inserted at the head of the argv[] array. (1) The name of the interpreter (this becomes argv[0]; (2) an optional argument to the interpreter on the #! line (if it exists); (3) the filename of the shell script, exactly as passed to the execve() system call. This behavior matches exactly the behahvior of execve under Ultrix; while the behavior of execve() is defined for a non-#! file (where indeed POSIX disallows any modification to the passed in argv[] array), the definition of #! interpretation is not defined in either POSIX.1 or POSIX.2. So while it's not ruled out, there is no standardized behavior for it either. So having Linux's execve() follow that of Ultrix seems pretty reasonable. However, my mistakes in my previous posting should not obscure the central point I was making --- which is that under Linux, the kernel is ***not*** mapping '-' to './-'. So if someone modified Linux to allow setuid shell scripts, and they created a setuid shell script, I could break into that machine while holding my breath(*): Here's what I would have to do: cd /tmp cat > foo.c char *args[] = { "heh heh heh", "0" }; main(argc,argv) { execve("-", args, envp); } ^D ln -s /etc/setuid-script - - *BOOM* setuid root shell. :-) The reason why you saw the "-" to "./-" transformation was purely an artifact of the path searching that goes on --- either in execvp(), or in /bin/bash. However, if you had compiled csh or tcsh on your system, it does its own hashing to speed up the path lookup, and so it calls execve() directly, without adding the "./"; so this would have become obvious to you. In any case, it doesn't matter since anyone could simply write their own driver routine to call execve() directly in order to exploit a setuid shell script. How can you have truely secure setuid shell scripts? There are three possible ways: (1) Change the kernel to pass an open file descriptor containing the file to be interpreted in fd3. Disadvantage: This requires that every single possible interpreter be modified to check fd3 to see if there is a shell script to be interpreted. This is totally incompatible change. (2) Same as (1), but modify the kernel to pass "/proc/self/fd/3" as the shell script to be interpreted. Disadvantage: Depends on /proc being mounted; until /proc is mounted, shell scripts won't work at all. Also, if /proc isn't mounted yet and /proc is writeable, you will have a security hole. Further disadvantage: Nothing else in the kernel needs to know anything about where various filesystems (including /proc) is mounted. This makes the proc filesystem, and the magical /proc location, pretty magical. From a purely architectural point of view, this is extremely ugly. (3) Continue to have the kernel not allow setuid shell scripts, but continue to allow them to be run. Modify each interpreter to follow the "perl" setuid algorithm. * The interpreter checks to see if the setuid bit is set on the shell script has just opened. * If the shell script has the setuid bit set, then exec a setuid version of the interpreter ("tperl" in perl's case) with the same arguments. * The setuid version of the interpreter opens the shell script again, and the fstat()'s the file. If the file still has the setuid bit, then go ahead and execute it. If it does not, it should print an error message about someone switching binaries on it, and error out. Disadvantage: You have to modify each interpreter differently. Two different versions of the interpreter has to be saved --- the normal interpreter and the setuid trusted interpreter. The advantage is that it is by far the cleanest method, and the most secure, since you have to modify each interpreter one by one. #3 is the only method that makes sense; and that just requires application level changes; no kernel requirements needed! :-) - Ted (*) The comment about "while holding my breath" is an allusion to how a number of former Project Athena Watchmakers (student system programmers) is their claims that they could set up a Kerberos realm while holding their breath. A large number of them could do it, too!@ (It's not that hard once yet get the hang of it. :-) ------------------------------ From: huebner@lkn.e-technik.tu-muenchen.de (Clemens Huebner) Subject: Re: Problems starting X Date: 15 Oct 93 05:42:12 GMT In article , rols@xtc.shearson.com (Roland King) writes: |> In article <1993Oct13.180531.7362@leland.Stanford.EDU> suhail@leland.Stanford.EDU (Suhail Qadeer) writes: |> |> I have an ATI mach-32 video card. I get the followin messages when I start X. I |> get the following messages and X startup fails. Please help..... |> |> |> ................Start of output.............................. |> |> |> ------ stuff deleted -------- |> |> ATI driver requires "clocks" to be set in Xconfig! |> Clocks 18 22 25 28 36 44 50 56 |> 30 32 37 39 40 0 75 65 |> VGA256: 'ati' is an invalid chipset |> *** None of the configured devices was detected.*** |> |> |> Fatal server error: |> no screens found |> xinit: No such file or directory (errno 2): unexpected signal 13 |> ....................End of output...................................... |> |> |> Add the Clocks line, just like it says, to the vga256 section of Xconfig and (at least 2) of the |> default screen modes will work. |> |> If you get it going, can you mail me if you have problems getting back to text mode again. |> Every now and again, I get vertical black and white bars and no text mode when I get out of |> X (particularly when I use ctrl-alt-backspace) and I have to reboot. |> |> Cheers |> |> Roland The problem is not theclock line, but the X-Server itself. You have to use X8514 instead of X386. Get X8514, copy it to /usr/X386/bin and set the link 'X' to 'X8514'. Clemens Huebner ============================================================================== Clemens Huebner huebner@pollux.lkn.e-technik.tu-muenchen.de Giessuebl 4 huebner@alex.lkn.e-technik.tu-muenchen.de 82279 Eching a.A huebner@beethoven.lkn.e-technik.tu-muenchen.de Germany Linux -- the free 32-bit OS Tel.+Fax ++4981431480 ============================================================================== ------------------------------ From: kubla@mogli.zdv.Uni-Mainz.DE (Dominik Kubla) Subject: Re: Shadow Passwords? Date: 15 Oct 1993 08:04:27 GMT Steven M. Palm (smp@solaria.mil.wi.us) wrote: : I'm setting up Linux for my own personal use. Odds are that it will never : be publicly accessable. : I installed from the Slackware 1.04 release, and find it quite nice. But : I see that it also uses the Shadow Passwords. What exactly are Shadow : passwords? : How are they different from a normal setup, and will they cause any problems : at all for future software packages?? Is there a way to remove them if they : do? : Sorry if this is a FAQ, but I haven't seen it mentioned. : ---- : Steven M. Palm FidoNet, if you must, 1:154/600.0 : Milwaukee, WI smp@solaria.mil.wi.us The shadow password suite consists of a library (libshadow) and several useful utilities (user{add|mod|del}, group{add|mod|del}, chfn, chsh, ...). The basic idea of the shadow password scheme is that the (encrypted) password is stored in a different file than /etc/passwd: /etc/shadow. Normally /etc/shadow is owned by root with the gid shadow. This way people can access /etc/passwd without getting their hands on your (encrypted) password. This adds to the system security. CAVEAT: Any passwd related applications (like xdm) need to be recompiled to be sure that they recognize shadow passwords. (Unless someone can make the password facility run-time configurable.) The libc does NOT include shadow password support. -- Cheers, Dominik +-----------------------------------------------------------------------------+ | eMail: kubla@goofy.zdv.Uni-Mainz.DE | | sMail: Dominik Kubla, Steinsberg 34, 56355 Nast\"atten, F. R. Germany | +-----------------------------------------------------------------------------+ | | | "Linux: The choice of a GNU generation" --S. Frampton | | | +-----------------------------------------------------------------------------+ DISCLAIMER: Everything written above are the expressed thoughts of the author and in no way connected to 'Johannes Gutenberg Universit\"at", Mainz (Germany). This way, they do not have to care about what I say ... ------------------------------ From: kubla@mogli.zdv.Uni-Mainz.DE (Dominik Kubla) Subject: Re: OS programming in unix ? Date: 15 Oct 1993 08:06:19 GMT simmonr5387@cobra.uni.edu wrote: : Hey, : Does anyone know of a good book that teaches programming unix (ie using : system calls and so forth) if so can I get title and author. : BTW I am a good C programmer, i just have never written anything to interact : with unix OS. So a newbie book is NOT what I am looking for. : -- Danke : -- Rob Have a look at the kernel hackers guide from the Linux Documentation Project (can be found on SunSite.unc.edu). It has a bibliographic appendix. -- Cheers, Dominik +-----------------------------------------------------------------------------+ | eMail: kubla@goofy.zdv.Uni-Mainz.DE | | sMail: Dominik Kubla, Steinsberg 34, 56355 Nast\"atten, F. R. Germany | +-----------------------------------------------------------------------------+ | | | "Linux: The choice of a GNU generation" --S. Frampton | | | +-----------------------------------------------------------------------------+ DISCLAIMER: Everything written above are the expressed thoughts of the author and in no way connected to 'Johannes Gutenberg Universit\"at", Mainz (Germany). This way, they do not have to care about what I say ... ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************