From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Mon, 4 Oct 93 19:38:46 EDT Subject: Linux-Admin Digest #90 Linux-Admin Digest #90, Volume #1 Mon, 4 Oct 93 19:38:46 EDT Contents: video cards (Keith A Grider) Re: video cards (Daniel Linder) Setting up SLIP gateways and PLIP (Shockadelica) Re: umount of root at shutdown (K. van Houten) Re: Linux 0.99.12 mountd problems (Joachim Hoenig) Linux 0.99.13 unknown blk device (Gratien D'haese SE121) Re: Setting up SLIP gateways and PLIP (Tommy Thorn) Re: [Summary] /etc/shutdown by non-root (Fergus James HENDERSON) Re: [Summary] /etc/shutdown by non-root (Fergus James HENDERSON) Re: routing 2 networks ??? (Ian Wells) Backup tools for Linux (Kevin Ho 572-8615 D304) syslog doesn't know timezone (Dan McGuirk) Re: [Summary] /etc/shutdown by non-root (Gonzalo Perez Castro) ---------------------------------------------------------------------------- From: kgrider@magnus.acs.ohio-state.edu (Keith A Grider) Subject: video cards Date: 3 Oct 1993 23:21:25 GMT hi linux experts, i am in n eed of an 'accelerated' video card. could you help me make the right decision, ie. which ones work best with linux? thanks, keith grider -- __________________________________________________________________________ Keith Grider 'everybody wants prosthetic foreheads kgrider@magnus.acs.ohio-state.edu on their real heads' They Might Be Giants ------------------------------ From: dlinder@cse.unl.edu (Daniel Linder) Subject: Re: video cards Date: 3 Oct 1993 23:44:17 GMT kgrider@magnus.acs.ohio-state.edu (Keith A Grider) writes: >i am in n eed of an 'accelerated' video card. could you help me make the right >decision, ie. which ones work best with linux? I have been using a STB Powergraph X24 for the past couple months and it seems to work great. I can't say what its speed is since the machine is a 386SX-16, but it does work right out of the box... The STB X24 is an S3 801 card, and I think they have a localbus version also. I purchased mine toward the end of summer for around $130US, but I have heard that they have gone down in price since then. Dan -- | Dan Linder - Comp. Eng. - Senior |"If there's nothing wrong with me, | | dlinder@cse.unl.edu | there must be something wrong with | | University of Nebraska - Lincoln | the universe!" Bev Crusher-Remember Me | | Disclaimer: My university does not listen to me, why would I speak for them? | ------------------------------ From: root@Brindisi.Rose-Hulman.Edu (Shockadelica) Subject: Setting up SLIP gateways and PLIP Date: 28 Sep 1993 03:03:52 GMT I was wondering if anyone has or knows how to setup a SLIP gateway via linux. My roommates and I are trying to hook up their Amigas with AmiTCP. We have slip working, but before we can petition the school to give them ip addresses (as I'm the only one with a net connection), we'd like to know if being a gateway was possible. On a side note, has anyone gotten PLIP to work....at all? I keep getting device timeouts and a screen full of garbage... -- Christopher Seawood root@seawoocl.student.rose-hulman.edu ------------------------------ From: houten@pcssdc.pttnwb.nl (K. van Houten) Subject: Re: umount of root at shutdown Date: Mon, 4 Oct 1993 06:51:07 GMT In article , sct@dcs.ed.ac.uk (Stephen Tweedie) writes: |> |> Hi, |> |> > Even after downloading the latest kernel and bootutils and sysvinit |> > I am still being told that root is unclean when booting up. |> |> > If I modify inittab and set up a single user mode then I find that |> > after the shutdown, all filesystems have been unmounted and root is |> > read only. |> |> > Why would root not be marked clean? Is there some vital instruction |> > that I am not issuing? I got the impression from the bootutils docs |> > that if root was read only then it would be marked clean. |> |> Two things to make sure of: you must be booting with your root |> partition readonly, and you must be using at least version 0.3 of |> e2fsck. I had the same problem, but the clue is: fsck only marks the partition clean, when called WITH the '-a' flag, otherwise it only checks 'read-only'. -- Karel van Houten, DOMAIN: houten@pttnwb.nl PTT Telecom b.v. UUCP: uunet!mcsun!sun4nl!pttdis!houten 's-Gravenhage, The Netherlands VOICE: +31 70 3434947 ------------------------------ From: hoenig@immd3.informatik.uni-erlangen.de (Joachim Hoenig) Subject: Re: Linux 0.99.12 mountd problems Date: Mon, 4 Oct 1993 08:18:57 GMT neonakis@terpsi.csi.forth.gr (E.A.Neonakis) writes: >Since upgrading to Linux 0.99.12 (via SLS 1.03) the mountd process is very >unstable. It sometimes accepts the first mount request from 0.99.10 Linux >box and then stops responding altough the mountd process still exists. >The PC executing trying to mount reports rpc time out while on the >server the rpcinfo reports before the first mount attempt: > program 100005 version 1 ready and waiting >but after it it reports: > rpc info: RPC: Timed out > program 100005 version 0 is not available >Such problems did not exist when the server was running 0.99.6 Yes. I have the same problem (0.99.12, SLS 1.03). The mountd on the server machine seems to go in 9 out of 10 mount requests. Moreover, if a mount request succeeds, the fs is always mounted read-only, even if the exports file says (rw). >Any advice would be greatly appreciated. Right. Joachim ------------------------------ From: gdha@se.alcbel.be (Gratien D'haese SE121) Subject: Linux 0.99.13 unknown blk device Date: 4 Oct 93 10:48:15 GMT Reply-To: gdha@se.alcbel.be Hey everybody, I'm trying to rebuild my new kernel Linux 0.99.13 for support of the 3C509 ethernet card. But I keep stumpling over an "unknown blk devive" error. make depend returns with the following: In file included from loop.c:27: blk.h:193: #error "unknown blk devive" In file included from sbpcd.c:175: blk.h:193: #error "unknown blk devive" make[3]: *** [dep] Error 1 the files loop.c, sbpcd.c and blk.h can be found in kernel/blk_drv. I tried several 'make config' and 'make dep' with the same result. I disabled SCSI and enabled networking with the 3C509 card enabled only. Any ideas? Regards/Gratien -- ______ Gratien D'haese Switching Systems Division se121 \ / Alcatel F. Wellesplein 1, B-2018 Antwerpen \ / Bell Internet: gdha@se.alcbel.be Phone: (32) 3 240 94 51 \/ Telephone Alcanet: btmx.dhaeseg Fax: (32) 3 240 99 50 ------------------------------ From: tthorn@daimi.aau.dk (Tommy Thorn) Subject: Re: Setting up SLIP gateways and PLIP Date: 4 Oct 1993 12:44:12 +0100 root@Brindisi.Rose-Hulman.Edu (Shockadelica) writes: >On a side note, has anyone gotten PLIP to work....at all? >I keep getting device timeouts and a screen full of garbage... PLIP doesn't work in vanilla Linux 0.99.13. The new Net2E is in beta test, and PLIP works there (at least it did in alpha 4, which I use.) Join the NET channel, or better wait just a little longer. /Tommy Thorn -- Tommy.Thorn@daimi.aau.dk | If you use a PC consider upgrading to a real OS. ======================== | Linux is Posix (Unix). It has GCC,Emacs,X11,TCP,NFS, *L*I*N*U*X* Fanatic (tm) | Doc,Interviews,Prolog...(you name it) and it's free! ------------------------------ Crossposted-To: comp.unix.admin From: fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) Subject: Re: [Summary] /etc/shutdown by non-root Date: Mon, 4 Oct 1993 15:38:29 GMT tommy@aladdin.att.com (Tommy Reingold) writes: >fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > >> [someone else writes:] >> >#!/bin/sh >> >echo Hah! You\'re not root! >> [... and then shows how a cracker could exploit sh's -i option ...] >> >> It convinces me that _that particular_ suid root script can be >> used to become root. But it doesn't convince me that _any_ suid root >> script can be used to become root. As with *all* setuid programs, >> you need to be careful, regardless of whether it is a shell script >> or a C program. > >The fact that you say this exposes the fact that you don't know why the >little one liner shell script is insecure. That is quite simply not correct, and is verging on personal insult. >The contents of the script >are not insecure. The fact that the -i command invoking a script makes >the shell run as an interactive shell INSTEAD of executing the commands >in the shell script. Again, this is regardless of the contents of the >script. It _IS_ the contents of the script, because if the script started with #!/bin/sh - instead of #!/bin/sh then the -i command would not give you an interactive shell. >> The following C program would be just as insecure: > >> main() { system("echo Hah! You're not root!"); } > >No it would not because this C program doesn't do anything with a -i >option. Yes, but this C program might invoke ./echo instead of /bin/echo. The point being that you can have problems in any programming language. >> On the other hand, supposing that your operating system and shell support >> secure setuid scripts, then > >> #!/bin/sh - >> /bin/echo Hah! You\'re not root! > >> would be quite safe. > >Yes, but most versions of unix do not support secure setuid scripts, so >promoting them is a bad idea. If your experience is limited to Linux >and then think it applies to the other versions of unix out there, you >might give very bad advice to people using most versions of unix. I'm NOT promoting them in general. My experience is not limited to Linux. I'm just correcting some of the misinformation that has been put forth in this thread, and pointing out that just becomes _most_ versions of unix do things badly, doesn't mean that _all_ versions do. In fact I don't think I've given anybody any advice whatsoever in this thread as yet, but let me start now, just to clear up any misconceptions: If you are using a unix system that doesn't support secure setuid scripts, then of course don't use them! If you need to be portable, then don't use them. But if you are on a system which does support them, and you don't need to be portable, then it's worth considering. Of course, as with any setuid program, you will still have to be very careful, and it may in some cases be easier to write it in C. If you are writing a scripting language, then give some consideration to setuid scripts - ensure that it should be possible to write secure setuid scripts in you language, presuming that the kernel supports it. If you want, support secure setuid scripts even if the kernel doesn't support it (as is done by perl). If you are developing a unix system, then put support for setuid script in your kernel, but configure it out by default. Advise your users about the risks of setuid scripts / insecure shells, and let them make their own decision. Provide a utility which detects obviously insecure setuid scripts (scripts which are vulnerable to -i, scripts which don't use a shell known to be secure, sh scripts that don't set PATH, etc.) so that users who decided to enable the setuid script support in the kernel can ensure that they don't make any of the obvious mistakes. -- Fergus Henderson fjh@munta.cs.mu.OZ.AU ------------------------------ Crossposted-To: comp.unix.admin From: fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) Subject: Re: [Summary] /etc/shutdown by non-root Date: Mon, 4 Oct 1993 15:37:12 GMT tommy@aladdin.att.com (Tommy Reingold) writes: >fjh@munta.cs.mu.OZ.AU (Fergus James HENDERSON) writes: > >> Then supposing as I said above that your shell supports secure setuid >> scripts[...] > >As I said in an article I posted a minute ago, setuid scripts are >insecure not because of what you put in them. They are insecure even >if they have no commands or just an echo statement. This is because of >various behaviors of shells (not shell scripts). That's why I said SUPPOSING YOUR SYSTEM SUPPORTS SECURE SETUID SCRIPTS. Sheesh. >For example, in most versions of unix, /bin/sh will execute your >.profile if it is invoked with a '-' as the first character of >argv[0]. So if a mortal user makes a symbolic link to a setuid shell >script with a name starting with '-', his .profile will run BEFORE the >shell even opens the setuid shell script. This is completely wrong. Have you actually tried this? The shell would get invoked with '-' as the first character of argv[1] not argv[0]. >Never mind that this is not a problem on some versions of unix. It's a >big problem on many versions and ignoring this fact does not make it >less true. I'm NOT ignoring it. I'm not suggesting that people use setuid scripts on systems which don't support secure setuid scripts. What I am pointing out is that just because some versions of unix aren't as good as say Linux doesn't mean that all of us have to stick to the lowest common denominator. -- Fergus Henderson fjh@munta.cs.mu.OZ.AU ------------------------------ From: ijw@bob.cambustion.co.uk (Ian Wells) Crossposted-To: comp.os.linux.help Subject: Re: routing 2 networks ??? Date: 04 Oct 1993 17:17:29 GMT In article ado@ibg1.gtn.com (Christoph Adomeit) writes: Hi everybody, following problem: I have an internal net, class C, ip 200.200.200.0 (nothing to do with a real existing net). When I use 200.200.200.1 to connect via slip to the real existing 192.109.159.1 I have to be 192.109.159.132. How can I do that ? You have to set up the SLIP interface to be 192.109.159.132 and the other interface (presumably Ethernet) to be 200.200.200.1. Then everything will work fine. You might find it easier to use, though, if you give the two interfaces different names. At home, we have a similar arrangement: nsict.demon.co.uk is a PPP interface on the connecting machine, and taki.nsict.org is an internal name for the Econet interface (yes, Acorn Econet - it's an Archimedes running RISCiX, which unfortunately means that my Linux box is left out in the cold... 8-( ). It would be fantastic if I can furthermore connect from 200.200.200.10 to any existing host in the internet. Is that possible ? Nope. Unless your class C network is registered on the Internet, then no-one's going to know where to send packets to you. And that tends to cost a lot of money. The simple answer is to keep routing switched off on your gateway box and telnet into it with other machines when you want to talk to the outside world. Ian. ------------------------------ From: kimh@niccolo.gsfc.nasa.gov (Kevin Ho 572-8615 D304) Subject: Backup tools for Linux Date: 4 Oct 1993 17:32:39 GMT Hello world: I wonder if there is any backup tools for Linux besides cpio. I use dump to perform backup on SUN workstations and it is very good backup tool. I thought of tar but somtimes tar does not backup symbolic links. Also, I have to backup my Linux PC to a remote SUN since I don't have a tape drive. I don't know if cpio allow me to do that. I know that dump does allow me to perform backup to a remote drive. I would greatly appreciate your time to help me locate a handy backup tool. Thanks. Kevin e-mail: kimh@niccolo.gsfc.nasa.gov ------------------------------ From: djm@dan.uucp (Dan McGuirk) Subject: syslog doesn't know timezone Date: Mon, 4 Oct 1993 18:10:28 GMT I'm having a problem with syslog screwing up my timezone on some messages. For most messages, I get the local time in the log files. But for any "ROOT LOGIN" messages, the time comes out in UTC, 7 hours ahead of local time. This makes for some very confusing logs... Anyone know what I don't have configured correctly? -- Dan McGuirk Linux. Because we care. -->please reply to: djm@asu.edu<-- ------------------------------ Crossposted-To: comp.unix.admin From: gperez@tortel.dcc.uchile.cl (Gonzalo Perez Castro) Subject: Re: [Summary] /etc/shutdown by non-root Date: Mon, 04 Oct 1993 20:18:31 GMT 2nd Request: Can anybody send me this Summary please? Many thanks. ======= Gonzalo Perez C. gperez@dcc.uchile.cl Dept. of Computer Science. University of Chile. Chile. [ Carpe Quota. ] ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************