From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Thu, 30 Sep 93 09:32:43 EDT Subject: Linux-Admin Digest #85 Linux-Admin Digest #85, Volume #1 Thu, 30 Sep 93 09:32:43 EDT Contents: Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore (Alex Freed) Re: [Not] enough SLS bashing (Orc) Problems with cpio backup. (Peter Choynowski) Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] (Frank Luthe) umount of root at shutdown (Keith Howell) Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] (Thomas Koenig) Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] (Jim Dodd) Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore (Jerry Gaiser) Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] (Chris Flatters) SCSI HD (Nan He) SCSI (Nan He) Missing files looked for by Terminal servers on net (Steve DuChene) Re: security and Linux binaries (root@Belvedere%hip-hop.suvl.ca.us) Re: [Q] rebuilding the kerenl (Fergus James HENDERSON) kernel .99.13 doesn't see mitsumi (Maurizio Codogno) Re: Using OS/2 Boot Mgr (alane@wozzle.linet.org) Re: [Summary] /etc/shutdown by non-root (Tommy Reingold) Re: [Summary] /etc/shutdown by non-root (Tommy Reingold) ---------------------------------------------------------------------------- From: freed@europa.orion.adobe.com (Alex Freed) Subject: Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore Date: Wed, 29 Sep 1993 18:33:48 GMT I just love the "technical" advice from people who *think* they are right but never tested their theories. Bill C. Riemers writes: 1. It doesn't work on all 5.25" drives, in fact it mostly just works with older ones of the right type... (Otherwise they would sell 5.25" drives with higher capasity.) I didn't test ALL 5.25" drives, so no comment. 2. It is dangerous on all 5.25" drives. It will cause your drive to go out of alignment sooner. How is that? The only difference is 18 vs 15 sectors, so the gaps are smaller. Not only the same number of TRACKS is used, but also the same density inside the sector. I would be very interested to know how can a smaller gap (unused space between sectors) affect the drive's alignment. 3. Standard 5.25HD/DS disks will normally still have a few bad sectors when formated this way. (The boot disk can't have any errors!) Again, I didn't test ALL 5.25" drives, but I never had bad sector this way. -- _______________________________________________________ | -Alex Freed (The opinions expressed are my own. | | However everyone is entitled to them.) | | freed%adobe.com@uucp-gw-1.pa.dec.com | ------------------------------------------------------- ------------------------------ From: orc@pell.chi.il.us (Orc) Subject: Re: [Not] enough SLS bashing Reply-To: orc@pell.chi.il.us (Orc) Date: Wed, 29 Sep 1993 19:12:19 GMT In article , wrote: >In article person@plains.NoDak.edu (Brett Person) writes: > > Slackware Does support 5.25 booting. And, I supppose, if you were even > barely technically competent, you could roll your own distribution from > Slackare on 5.25. > >And if you had a clue you wouldn't make such a comment...lets see if you can >understand simple statements...if you can't get the Slackware on your system >to begin with, just *how* are you supposed to "roll your own distribution..." ? Hmm, I think the assumption here is that you'll be getting slackware across the net, then writing it to floppies and doing the disk install from that point. If you're buying floppies from someone else, then it's more of a point, but since it is possible to do it, certainly you can look for a vendor who'll be willing to load the installation onto 5.25" disks for you. ____ david parsons \bi/ who just pulled the 5.25" drive from his machine \/ ------------------------------ From: pkc@scs.carleton.ca (Peter Choynowski) Subject: Problems with cpio backup. Date: Wed, 29 Sep 1993 19:22:08 GMT I am having problems in using cpio to run a remote backup. When executed locally on the Linux system, all works fine, but when I put the command in a script, and run it from rsh command from another system, it does not work, and I get an error 'cpio: write error'. The same script and cpio command ( find / -depth -print | cpio -oBc ) work on another Unix box. Does it have anything to do with lack of a controlling terminal when using rsh ? Thanks, Peter ------------------------------ From: frl@verdi.rd.sub.org (Frank Luthe) Subject: Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] Date: Sun, 26 Sep 1993 19:29:47 GMT damien@b63519.student.cwru.edu (Damien Neil) writes: >Copying passwords from /etc/shadow to /etc/passwd is pointless. It negates >the whole purpose of having shadow passwords in the first place. If you >do this, you might as well not install shadow passwords at all; it will >save you many headaches and be just as secure. Maybe a stupid question, but, why don't we just keep the /etc/passwd world unreadable? What's the advantage of the shadow method? Greetings, Frank -- Frank Luthe, Flensburger Str. 38, 24768 Rendsburg, Germany email: frl@verdi.rd.sub.org ------------------------------ From: kch@edgtech.demon.co.uk (Keith Howell) Subject: umount of root at shutdown Date: Wed, 29 Sep 1993 19:46:13 +0000 Even after downloading the latest kernel and bootutils and sysvinit I am still being told that root is unclean when booting up. If I modify inittab and set up a single user mode then I find that after the shutdown, all filesystems have been unmounted and root is read only. Why would root not be marked clean? Is there some vital instruction that I am not issuing? I got the impression from the bootutils docs that if root was read only then it would be marked clean. -- ,---------------------------+----------------------------------------------. | Keith Howell | EdgTech International Ltd, 4/5 North Bar St, | | kch@edgtech.demon.co.uk | Banbury, OX16 0TB, United Kingdom. | | kch@cix.compulink.co.uk | Tel +44 (0)295 277088 Fax +44 (0)295 279179 | ------------------------------ From: ig25@fg70.rz.uni-karlsruhe.de (Thomas Koenig) Subject: Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] Date: 29 Sep 1993 20:28:06 GMT frl@verdi.rd.sub.org (Frank Luthe) writes: >Maybe a stupid question, but, why don't we just keep the /etc/passwd world >unreadable? What's the advantage of the shadow method? Your username, userid, groupid, home directory, and login shell are stored there. You want to get at them sometime, I suppose ;-) -- Thomas König, ig25@rz.uni-karlsruhe.de, ig25@dkauni2.bitnet The joy of engineering is to find a straight line on a double logarithmic diagram. ------------------------------ From: jimd@netcom.com (Jim Dodd) Subject: Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] Date: Wed, 29 Sep 1993 22:14:14 GMT Frank Luthe (frl@verdi.rd.sub.org) wrote: : damien@b63519.student.cwru.edu (Damien Neil) writes: : >Copying passwords from /etc/shadow to /etc/passwd is pointless. It negates : >the whole purpose of having shadow passwords in the first place. If you : >do this, you might as well not install shadow passwords at all; it will : >save you many headaches and be just as secure. : Maybe a stupid question, but, why don't we just keep the /etc/passwd world : unreadable? What's the advantage of the shadow method? Since, the dark ages of UNIX this file has been readable. Now, I do not believe that something just because that`s the way its always been done. Unfortunately, in this case there are many applications tha depend on the accessibility of user account information by reading from this file. There may be other reasons, but to suddenly have many applications stop working if a strong motivater to me. Jim Dodd jimd@netcom.com -- Jim Dodd email: jimd@netcom.com ------------------------------ From: jerryg@jaiser.rain.com (Jerry Gaiser) Subject: Re: 3.5 boot floppies. Not really Re: [Not] enough SLS bashing anymore Date: Wed, 29 Sep 1993 07:29:11 PST Reply-To: jerryg@jaiser.rain.com (Jerry Gaiser) ehhchi@maroon.tc.umn.edu (Ed H. Chi) writes: > In article dvs@ze8.rz.uni-duess > eldorf.de (Wolfgang R. Mueller) writes: >> >>What about bootb.zip ? ( from ancient SLS times yet available at >>clio.rz.uni-duesseldorf.de:[/rz/ftp/]linux/sls102 ) >>Or is that no longer usable because of the double ramdisk copyings (the >>second one after the kernel configuration messages and so presumably not by >>bios calls) ? >>Wolfgang R. Mueller , >>Computing Centre, Heinrich-Heine-University, Duesseldorf, Germany. > > > yes, bootb still works. > > So, are you thinking the same thing I am?? > > What's all this fuss about making 5 1/4 boot disks?? Just use bootb, and > you won't ever have to make two seperate boot disk mediums. > While bootb does indeed boot the b drive, the 3 1/2 inch boot disk appears to have /dev/fd0 hardwritten into it. When it attempts to load the ramdisk, it wants to access A:. I'll just stick with the 5 1/4 test boot disks. They work for me. -- Jerry Gaiser (jerryg@jaiser.rain.com) (voice) 503-359-4017 Fidonet 1:105/380 (bbs) 503-359-5111 Inritum est qua legibus prohibitum est ------------------------------ From: cflatter@nrao.edu (Chris Flatters) Subject: Re: SECURITY HOLE in SLS [NOT-QUITE-FIX] Reply-To: cflatter@nrao.edu Date: Wed, 29 Sep 93 23:44:10 GMT In article 1198@verdi.rd.sub.org, frl@verdi.rd.sub.org (Frank Luthe) writes: >damien@b63519.student.cwru.edu (Damien Neil) writes: > >>Copying passwords from /etc/shadow to /etc/passwd is pointless. It negates >>the whole purpose of having shadow passwords in the first place. If you >>do this, you might as well not install shadow passwords at all; it will >>save you many headaches and be just as secure. > >Maybe a stupid question, but, why don't we just keep the /etc/passwd world >unreadable? What's the advantage of the shadow method? /etc/passwd is misnamed: it contains most of the data pertaining to a user account and not just the password. For example, ls looks at /etc/passwd to translate the pid of the file's owner to an account name for the ls -l display. If /etc/passwd were not world readable then any program that needs to look at a field in the password file would have to have the necessary setuid or sitgid privileges. This would be a security hazard of itself (people have exploited bugs in setuid-root programs to break into systems - the Internet worm exploited such bugs - and the chances of a setuid/setgid program having an exploitable bug rises as the number of setuid/setgid programs increases). The shadow password technique allows the non-sensitive information about user accounts to be world-readable while protecting the sensitive data (the crypted password). Chris Flatters cflatter@nrao.edu ------------------------------ From: henan@mcmail.cis.mcmaster.ca (Nan He) Subject: SCSI HD Date: Wed, 29 Sep 1993 23:18:01 GMT Hi, dear Netter, I need to get help from experienced people for the following problem: I have a PC 386DX25MHz, with an IDE 82MB Seagate HD. I am going to install a 340MB SCSI HD with Adaptec 1542c bus master controller. The configuration is that I use the IDE drive as the boot drive. Since the total space is 82MB+340MB=422MB, I am going to format it to 2 part(how?), one part is 100MB reserved for DOS5.0, while the rest is for Linux. My question is, can I do such partition? If this is possible, is there any trouble or tips for running both the two OS(not the same time, of course)? Please send reply to: henan@mcmail.cis.mcmaster.ca Thanks in advance for any advice! Allen N. He ------------------------------ From: henan@mcmail.cis.mcmaster.ca (Nan He) Subject: SCSI Date: Wed, 29 Sep 1993 23:24:45 GMT Hi, dear Netter, I need to get help from experienced people for the following problem: I have a PC 386DX25MHz, with an IDE 82MB Seagate HD. I am going to install a 340MB SCSI HD with Adaptec 1542c bus master controller. The configuration is that I use the IDE drive as the boot drive. Since the total space is 82MB+340MB=422MB, I am going to format it to 2 part(how?), one part is 100MB reserved for DOS5.0, while the rest is for Linux. My question is, can I do such partition? If this is possible, is there any trouble or tips for running both the two OS(not the same time, of course)? Please send reply to: henan@mcmail.cis.mcmaster.ca Thanks in advance for any advice! Allen N. He ------------------------------ From: s0017210@cc.ysu.edu (Steve DuChene) Subject: Missing files looked for by Terminal servers on net Date: 30 Sep 1993 03:25:23 GMT I'm running SLS1.03 (0.99pl12 kernel) and am connected to our local network on campus. I'm really happy with the performance of the Net-2 code except that the local terminal servers keep trying to connect with my linux box and when they do they use the bootpd deamon to look for /etc/bootptab or look for /etc /in.timed (without the bootpd deamon). These files don't exist on my system and since I'm not sure what they do or look like I'm unable to create them. Also the reason I'm trying to solve this is when all of this occurs (about every few minutes) several log entries are made in /usr/log/notice and this file is accumu- lating about 40-50K every day. If someone could give me some info about these files along with the function of the bootpd deamon I would appreciate it. I have looked on some of the other local UNIX systems on campus (Sun Spark and IBM RS6000 work- stations) but to no avail. Thanks Steve DuChene s0017210@cc.ysu.edu or sduchene@cis.ysu.edu ------------------------------ From: root@Belvedere%hip-hop.suvl.ca.us Subject: Re: security and Linux binaries Date: Thu, 30 Sep 1993 01:53:11 GMT Bill Bogstad (bogstad@blaze.cs.jhu.edu) wrote: : In article <27q3rk$99l@osshe.edu>, John Ritchie wrote: : > : >Hello fellow Linux sysadmins... : > : >[For a secure system don't use precompiled binaries. Get the sources.] : >... : >I guess the point I want to make is three-fold: First, users, be aware : >of the possibility that binaries you use may not be as secure as you : >assume they are; Second, packagers (such as SLS or Slackware), many : I agree with you in general; but binary distributions are not going : to go away. One thing that might help (a little) is if people who put : together packages would provide some kind of checksum of the package as a : whole. This would not only help to verify that the binary XWYSIWIG 2.0 I agree in principle. I think that the major Linux distributors could learn something by looking at the way 386BSD/NetBSD is distributed. Even though it's cpio rather than tar (which isn't a big thing) the important difference and the one that's cogent to the discussion here is that each and every file in the distribution is listed in a 'manifest' file which has checksum information. Furthermore, the installation software knows to check actual against published checksums, so you know now whether you have a bad copy of something, and not sometime later when you attempt to use it and it just won't work. : could be distributed through some other channel then binaries. This may I think it would be better to have them distributed along with the binary packages themselves. : Bill Bogstad -- David Fox root@Belvedere%hip-hop.suvl.ca.us 5479 Castle Manor Drive San Jose, CA 95129 Thanks for letting me change 408/253-7992 magnetic patterns on your hard disk. ------------------------------ From: fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) Subject: Re: [Q] rebuilding the kerenl Date: Thu, 30 Sep 1993 10:43:49 GMT jimd@netcom.com (Jim Dodd) writes: >I'm curious why _ALL_ modules must be recompiled when any options are >reconfigured for the kernel? Good question. Why don't you work out how to fix it, and send Linus a patch? -- Fergus Henderson fjh@munta.cs.mu.OZ.AU ------------------------------ From: mcodogno@nyx.cs.du.edu (Maurizio Codogno) Subject: kernel .99.13 doesn't see mitsumi Date: Thu, 30 Sep 93 11:27:16 GMT I decided to compile a fresh, 0.99.13 kernel to use instead of the SLS 1.03 one. Unfortunately now the "mitsumi init failed". I have set in the config script options Mitsumi and ISO9660. Should I add something else? -- ciao! .mau. ===== Maurizio Codogno - CSELT UF/DU dept. - Torino Italy "home" email: mau@beatles.cselt.stet.it ------------------------------ From: alane@wozzle.linet.org Subject: Re: Using OS/2 Boot Mgr Date: 29 Sep 93 22:49:43 GMT In article ckumarad@chip.oci.utoronto.ca (Carl Kumaradas) writes: > >Another problem I have is that I would like to boot linux using >OS/2's boot manager. I have linux booting from the boot floppy now. >How can I setup linux to boot off the hard drive using OS/2's >boot manager? It's been a _long_ time since I did this, but this is the general idea: 1. Create the partition using OS/2 fdisk. This is important. Create a DOS partition (primary or extended, it doesn't matter). 2. Install Linux, using Linux' fdisk to change the partition id to ext2. Then, 'mke2fs', etc. 3. Install LILO v. 0.9 or 0.12, just use the QuickInst script to install on the Linux partition. 4. Go back and use OS/2 fdisk to 'add to Boot Mgr menu'. (You may need to do step 4 as part of step 1. I can't remember....) -- J. Alan Eldridge (alane@wozzle.linet.org) ------------------------------ Crossposted-To: comp.unix.admin From: tommy@aladdin.att.com (Tommy Reingold) Subject: Re: [Summary] /etc/shutdown by non-root Reply-To: tommy@aladdin.att.com Date: Thu, 30 Sep 1993 12:40:42 GMT fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > >Animal# cat suidroot > >#!/bin/sh > >echo Hah! You\'re not root! > [... and then shows how a cracker could exploit sh's -i option ...] > > > > Does this convince you that a suid root script, with any name, > >can be used to become root, even if the shell that executes it is not > >suid root? > It convinces me that _that particular_ suid root script can be > used to become root. But it doesn't convince me that _any_ suid root > script can be used to become root. As with *all* setuid programs, > you need to be careful, regardless of whether it is a shell script > or a C program. The fact that you say this exposes the fact that you don't know why the little one liner shell script is insecure. The contents of the script are not insecure. The fact that the -i command invoking a script makes the shell run as an interactive shell INSTEAD of executing the commands in the shell script. Again, this is regardless of the contents of the script. > The following C program would be just as insecure: > main() { system("echo Hah! You're not root!"); } No it would not because this C program doesn't do anything with a -i option. > On the other hand, supposing that your operating system and shell support > secure setuid scripts, then > #!/bin/sh - > /bin/echo Hah! You\'re not root! > would be quite safe. Yes, but most versions of unix do not support secure setuid scripts, so promoting them is a bad idea. If your experience is limited to Linux and then think it applies to the other versions of unix out there, you might give very bad advice to people using most versions of unix. -- Tommy Reingold AT&T Bell Labs, Red Hill Facility, NJ, USA tommy@aladdin.att.com or att!aladdin!tommy ------------------------------ Crossposted-To: comp.unix.admin From: tommy@aladdin.att.com (Tommy Reingold) Subject: Re: [Summary] /etc/shutdown by non-root Reply-To: tommy@aladdin.att.com Date: Thu, 30 Sep 1993 12:46:03 GMT fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > Then supposing as I said above that your shell supports secure setuid > scripts, it will ignore the environment value of IFS. The standard > /bin/sh on Linux (bash) does not honour the environment setting of IFS, > so this will not be a problem on Linux. > >Are you going to require the kernel to clear the environment before calling > >setuid shell scripts?? This is a groddy hack to have to put in a kernel, > >and definitly shouldn't have to be in the shell either. > All the shell has to ensure is that if it uses environment variables, > it does so in a way that allows setuid scripts to safely initialize their > environment. This is hardly much to ask. Ensuring this for bash 1.12 > required only a one-line change. As I said in an article I posted a minute ago, setuid scripts are insecure not because of what you put in them. They are insecure even if they have no commands or just an echo statement. This is because of various behaviors of shells (not shell scripts). For example, in most versions of unix, /bin/sh will execute your .profile if it is invoked with a '-' as the first character of argv[0]. So if a mortal user makes a symbolic link to a setuid shell script with a name starting with '-', his .profile will run BEFORE the shell even opens the setuid shell script. It will run .profile as root. And any environment checking the setuid shell script does will happen AFTER .profile gets run as root. So the user can put whatever destructive commands he wants in his .profile. Never mind that this is not a problem on some versions of unix. It's a big problem on many versions and ignoring this fact does not make it less true. -- Tommy Reingold AT&T Bell Labs, Red Hill Facility, NJ, USA tommy@aladdin.att.com or att!aladdin!tommy ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************