From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Wed, 29 Sep 93 14:24:36 EDT Subject: Linux-Admin Digest #82 Linux-Admin Digest #82, Volume #1 Wed, 29 Sep 93 14:24:36 EDT Contents: Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore (Bill C. Riemers) Re: [Q]: How do I make SLIP connection with BOOTP under linux (Gary Jackson) Re: [Not] enough SLS bashing (jcburt@gats486.larc.nasa.gov) Re: [Summary] /etc/shutdown by non-root (Fergus James HENDERSON) Re: [Summary] /etc/shutdown by non-root (Fergus James HENDERSON) DOS EMULATOR (Horng-Ming Tai) Re: security and Linux binaries (Rogier Wolff) ---------------------------------------------------------------------------- From: bcr@bohr.physics.purdue.edu (Bill C. Riemers) Subject: Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore Date: 29 Sep 93 04:39:03 GMT In article <1993Sep26.193920.1780@tcshb1.north.de> taifun@tcshb1.north.de (Markus Nolte) writes: >Hi ! >Well - here is my solution to install the slackware dist. without an 3.5" disc. >There is a tool for MS-DOS called "fdformat" and "fdread" >It must be available on many ftp-sites. >This tool allows you to format 5.25" discs with more capacity and with >"FDFORMAT A: /F144" you can format your 5.25" floppy like a 3.5" floppy. If you read the documentation for fdformat you'll find: 1. It doesn't work on all 5.25" drives, in fact it mostly just works with older ones of the right type... (Otherwise they would sell 5.25" drives with higher capasity.) 2. It is dangerous on all 5.25" drives. It will cause your drive to go out of alignment sooner. 3. Standard 5.25HD/DS disks will normally still have a few bad sectors when formated this way. (The boot disk can't have any errors!) >YOU ARE ABLE TO BOOT AND INSTALL THE SLACKWARE RELEASE WITH THE 5.25" FLOPPY !! >At leaset that works for me (386/40 with AMI-BIOS) I'm impressed. As you can tell I wouldn't expect this to work 95% of the time. If it works for you, great, but I wouldn't recommend it as a general solution. Bill ------------------------------ From: gjackson@trinidad.umhc.umn.edu (Gary Jackson) Subject: Re: [Q]: How do I make SLIP connection with BOOTP under linux Reply-To: gjackson@tahiti.umhc.umn.edu Date: Wed, 29 Sep 1993 12:07:38 GMT In article hedrick@geneva.rutgers.edu (Charles Hedrick) writes: > ytchang@magnus.acs.ohio-state.edu (Yi-Tsun Chang) writes: > Here is the problem : I trid to use SLIP of my linux box to connect to >the SLIP server of my school. After the connection, and entering the server's >SLIP mode, the server only gives me my ip number but NO server's IP. Therefore, >I can not use 'remote' in dip to set the remote's ip. This SLIP connection >works well under DOS using NCSA telnet with BOOTP. How do I make a SLIP >connection with BOOTP under linux. >Thanks in advance. > -- If your Univ is anything like the Univ of MN, the slip server will most likely be xxx.xxx.xxx.1 If that doesn't work, try calling your campus, odd are that someone will know the IP of the slip server. .. Gary : Gary M. Jackson : Mail gjackson@tahiti.umhc.umn.edu : Applications Programmer : Compuserve 75766,2446 : Lab Info Systems - Box 198 UMHC : : University of MN Hospitals : : Mpls MN 55455 : The Usual Disclaimer ------------------------------ From: jcburt@gats486.larc.nasa.gov Subject: Re: [Not] enough SLS bashing Date: 29 Sep 1993 12:59:16 GMT In article person@plains.NoDak.edu (Brett Person) writes: In article jcburt@gats486.larc.nasa.gov writes: > >And a 1.2MB 5-1/4" floppy is configured as the boot floppy drive on the majority >of 386/486 machines sold today, so why *not* support what is a defacto standard? >And since it *is* supported, why even *suggest* it's not by telling someone to >"buy more hardware..." Slackware Does support 5.25 booting. And, I supppose, if you were even barely technically competent, you could roll your own distribution from Slackare on 5.25. And if you had a clue you wouldn't make such a comment...lets see if you can understand simple statements...if you can't get the Slackware on your system to begin with, just *how* are you supposed to "roll your own distribution..." ? The problem is not with Slackware, its with the *attitude* that many people have of "buy more hardware"...why should I "buy more hardware" when A) All the software contained in the distribution runs just fine on the existing hardware. B) The only thing that *doesn't* "run just fine" on the existing hardware is the distribution itself. C) The only reason the distribution doesn't run is because the person who is supporting the distribution decided to *not* support the lowest common denominator. i.e. its one hell of alot easier to place 1.2MB of data on 1.44MB diskette, than it is to try and cram 1.44MB of data onto a 1.2MB diskette. In the PC world most commercial software distributions are available on *either* 1.44MB diskettes *or* 1.2MB diskettes. Those packages that are distributed on only one media typically use the lowest common denominator, the 1.2MB diskette... I'd like to make just some general Unix points about all this. * The kernel is FAT. You people have demanded so many features that the kernel is now beyond a reasonable size. The zImage on my system is well over 200K. Bash is almost 300K. Libc.so.4.4.1 is 600K. Ummm... have you by chance taken a look at any *other* UNIX kernels for PC and/or other machines? The one that comes with my RS/6000 is approaching 2MB, the one on my sun 3/80 is just about 1MB...But you know...the nice thing about linux is that after you install the system, if you don't like all the added bells and whistles, you can recompile the kernel and get rid of what you don't want... Lets see. I make that at about 1100K and we havent added in the stuff that we actually NEED to make a boot disk be functional. I sure hope ls, mkdir, rmdir, /etc/passwd, mount, umount, shutdown et al are all under 100K. Oh, I see...you're talking about the *distribution* kernel...I would have to agree with you on this one...I think the distribution kernel should just support the basics and not worry about supporting sounds cards or whatever. try having 2 boot diskettes, one that supports standard disk drives, the other that adds support for SCSI. Add a few more diskettes worth of files and you have a *basic* system capable of compiling a new kernel that can be configured to a particular system. After this new kernel is tailored to the *then* you can add all the extras the cause SLS and others to require 30+ diskettes, *then* you can have the option of installing via NFS or CD-ROM or TAPE or whatever you want... John -- John Burton G & A Technical Software, Inc. jcburt@gatsibm.larc.nasa.gov 28 Research Dr. Hampton, Va. 23666 jcburt@gats486.larc.nasa.gov (804) 865-7491 ------------------------------ Crossposted-To: comp.unix.admin From: fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) Subject: Re: [Summary] /etc/shutdown by non-root Date: Wed, 29 Sep 1993 12:57:43 GMT jmc@pawnee.telecom.ksu.edu (James Chacon) writes: >fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > >>On the other hand, supposing that your operating system and shell support >>secure setuid scripts, then > >> #!/bin/sh - >> /bin/echo Hah! You\'re not root! > >>would be quite safe. > >I don't think so. What if I do this before I run your "safe" shell script? > >cd /tmp >cat bin > >#!/bin/sh >IFS=" " >export IFS >/bin/sh > >PATH=.:$PATH;export PATH >IFS=" > Then supposing as I said above that your shell supports secure setuid scripts, it will ignore the environment value of IFS. The standard /bin/sh on Linux (bash) does not honour the environment setting of IFS, so this will not be a problem on Linux. >Are you going to require the kernel to clear the environment before calling >setuid shell scripts?? This is a groddy hack to have to put in a kernel, >and definitly shouldn't have to be in the shell either. All the shell has to ensure is that if it uses environment variables, it does so in a way that allows setuid scripts to safely initialize their environment. This is hardly much to ask. Ensuring this for bash 1.12 required only a one-line change. -- Fergus Henderson fjh@munta.cs.mu.OZ.AU ------------------------------ Crossposted-To: comp.unix.admin From: fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) Subject: Re: [Summary] /etc/shutdown by non-root Date: Wed, 29 Sep 1993 13:13:43 GMT jmc@pawnee.telecom.ksu.edu (James Chacon) writes: >fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > >>jmc@pawnee.telecom.ksu.edu (James Chacon) writes: > >>>A setuid shell script runs setuid, so does the shell that interprets it. It >>>can be spoofed very very easily. > >>This is not correct - the correct answer is that it is system dependent. >>This whole issue is described in detail in comp.unix.questions FAQ #4.7 >>"How can I get setuid shell scripts to work?". > >It is not system dependent. It _is_ system dependant. For example on standard Linux it is simply not true that "A setuid shell script runs setuid, so does the shell that interprets it", since standard Linux ignores the setuid bits for scripts. The same is true of many other Unix systems. >If a system allows setuid scripts to be executed, >then they can be gotten around. I am referring to current system's here. On my patched Linux system, with a fixed bash as /bin/sh, setuid scripts could not be "gotten around". >Even if you fix the race condition, the environment coming in plays a big >factor. I think that you will find that after you apply the one-line patch to bash to fix the $ENV hole, the environment does not cause any security problems for setuid bash scripts. >That linux does this has always been a good thing in my mind, but I really >doubt no matter what you do that shell scripts can made secure always. Well, of _course_ they can't be made secure "always". But the same is true of C programs. This fact does not mean that setuid C programs are useless, and similarly the fact that there are some insecure setuid shell scripts does not mean that all setuid shell scripts are useless. -- Fergus Henderson fjh@munta.cs.mu.OZ.AU ------------------------------ From: ming@med.umich.edu (Horng-Ming Tai) Crossposted-To: comp.os.linux.help,comp.os.linux.misc,comp.os.linux Subject: DOS EMULATOR Date: 29 Sep 1993 15:16:34 GMT Is there anyone knows how to setup dos emulator? I have troubles on running dos applications. TKS. ------------------------------ From: wolff@tardis.et.tudelft.nl (Rogier Wolff) Subject: Re: security and Linux binaries Date: 29 Sep 1993 15:53:16 GMT Jacques Gelinas (jack@solucorp.qc.ca) wrote: : If I was to upload a BAD program somewhere, I don't think any one would : catch the hidden feature, be it in source or binary form. Those who : think so are dreaming. Currently the MSDOS world is taken by storm by : all kind of virus (It is a way of life : these days). Don't believe that a BAD program will show its bad side : within five minutes. It may be months. And it may even do its hidden : things randomly once in a while. The trick is to make a package that lots of people like, and will install. Have the program require root privelidges to operate correctly. Have the program listen on a known port for network connections. Subtly embed some features that can be used to gain root access. Then call it "PCNFS". Roger. -- * Not that I have tested it - I just wrote the code and hope it works. * * "Real programmers" don't test: they assume it works the first time, * * and anyway, what do you think beta-testers are for? -Linus Torvalds * EMail: wolff@dutecai.et.tudelft.nl ** Tel +31-15-783643 or +31-15-142371 ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************