Re: security/installation question regarding plan
"Colin R. Telmer" <[EMAIL PROTECTED]> writes: [snip] > Also, netplan only reads and writes to > > LIB/netplan.dir the directory that netplan puts files into, and the only > directory that netplan will read from (see Network > Security). > > where LIB under the vanilla installation would be /usr/local/lib. [snip] > Questions: > 1) What is /var/lib/netplan used for? It seems to me that the only >directory that is needed for netplan is /usr/lib/plan/netplan.dir. The idea of the separate /usr and /var is so that I could change /etc/fstab to include something like the following, and I wouldn't notice: /dev/hda5 /usr ext2 ro 0 2 If netplan writes to /usr/lib/netplan.dir, it would break with these settings. -- Carey Evans <*> [EMAIL PROTECTED] "Lies, damn lies, and computer documentation." -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Shadow Paper available from the web now.
Greets, I've finally managed to key in my '92 security paper on Shadow. You can find it at http://www.tab.com/~jfh/shadow-paper.html As I get some time to go over how things have changed in the last 5 years I intend to update it. My next Shadow-related project is cleaning up the documentation I started for the Trusted Subsystem evaluation I started a couple of years ago. There are a few really worthwhile documents a system administrator might enjoy in there. -- Julianne Frances Haugh Feminism: mailto:[EMAIL PROTECTED] The belief (considered radical by http://www.tab.com/~jfhsome) that women are people, too. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Debian's "Modify & Redistribute" Policy
[EMAIL PROTECTED] (Brian White) wrote on 05.06.97 in <[EMAIL PROTECTED]>: > I can understand Debian making policy that none of the core system will > depend on such packages, but I don't see any advantage to simply disallowing > such copyrights from the main distribution. With respect to copyrights, the core system is the same as the main distribution. WRT copyrights, we have four areas: Completely free stuff, main distribution Stuff that has problems with distributions, non-free Stuff that's not completely free, but has no distribution problems, contrib Stuff that we cannot distribute, nowhere And I think adding more distinctions would be very unwise. MfG Kai -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: cygwin.dll license (was Re: FreeQt ?)
[EMAIL PROTECTED] (Jim Pick) wrote on 01.06.97 in <[EMAIL PROTECTED]>: > > Yes, very limiting. The code actually cannot be linked statically! > > Can't be linked dynamically either... read the GPL. Can too. Read the law. The GPL _cannot_ restrict someone from doing that, regardless of what they put in it. MfG Kai -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Upcoming Debian Releases
[EMAIL PROTECTED] (Tom Lees) wrote on 02.06.97 in <[EMAIL PROTECTED]>: > On 30 May 1997, Kai Henningsen wrote: > > > [EMAIL PROTECTED] (Tom Lees) wrote on 27.05.97 in > > <[EMAIL PROTECTED]>: > > > > > There are ways to avoid this. For example, modify dpkg not to include > > > any line with "config=yes" in it in the md5sum of certain files. > > > > This is a troll, right? > > Wrong. Well, it should be. > > Or maybe you have forgotten how conffiles are actually handled: > > > > (old=original install, new=this install, current=possibly edited version) > > > > If old md5 = new md5, ignore new file (package unchanged) > > If old md5 = current md5, install new file (conffile was not edited) > > > otherwise, prompt (both changed) > > > > Your change would mean that in case 2, dpkg would have to figure out how > > to put the variables from the old script into the new one. > > But, for a package which adds config info, the new md5 != the old md5. > Therefore, it would ask! No. While the new md5 != the old, we still have the old = the current, and so dpkg will NOT ask, but silently upgrade. At least that's how it currently works, and also how it ought to work. I certainly don't want to be asked to upgrade a conffile that I never even looked at. > non-cfgtool md5 != cfgtoolized md5: old md5 != new md5. > local file not modified: update anyway to use new cfgtool version. > local file modified: > > cfgtool md5 == cfgtool md5: old md5=new md5 > local file "not modified" (enough) - install new > THEN, update from cfg database. > > See, it does work. No, it doesn't. You forget that there are three md5 sums / file versions involved, not two - *even though you quote me explaining it*! MfG Kai -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: FreeQt ?
[EMAIL PROTECTED] (Jim Pick) wrote on 02.06.97 in <[EMAIL PROTECTED]>: > I shouldn't have said 'dropping'. I don't think they are throwing any of > the old code out. But they are switching to Java as the primary language > which they are pushing. All of the NextStep API's will be 100% accessible Actually, that's not true. > from Java (if they aren't already). Makes sense, since Java ripped off Yes, from Java, and from Objective-C, and from C++, and probably also from Pascal. They are today already available from stuff like Perl, as well. The interesting thing is, with Objective C, you can actually subclass foreign objects in both directions in many of these cases (similar to what SOM did under OpenDoc). I guess most developers will probably use C++, even though that's the worst language from those supported. MfG Kai -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
`cgiwrap` packaged
I've packaged `cgiwrap`, which makes it so ordinary users can safely run CGI scripts. The scripts run SUID/SGID the user who owns the script, and thus have full access to that persons files, and no permissions on things that user normally doesn't have. I am reading the policy manual right now; if anyone would like to look over the .deb, it's available through the URL in my .signature. -- Karl M. Hegbloom <[EMAIL PROTECTED]> http://www.inetarena.com/~karlheg Portland, OR USA Debian GNU 1.3 Linux 2.1.36 AMD K5 PR-133 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: cygwin.dll license (was Re: FreeQt ?)
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Kai Henningsen) writes: >> Can't be linked dynamically either... read the GPL. > > Can too. Read the law. > > The GPL _cannot_ restrict someone from doing that, regardless of what they > put in it. Although they _can_ restrict you from using the header files.
Re: cygwin.dll license (was Re: FreeQt ?)
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Kai Henningsen) writes: > [EMAIL PROTECTED] (Jim Pick) wrote on 01.06.97 in <[EMAIL PROTECTED]>: > > > > Yes, very limiting. The code actually cannot be linked statically! > > > > Can't be linked dynamically either... read the GPL. > > Can too. Read the law. That is your opinion, the FSF's opinion is different. The FSF has shown that it is willing to defend their opinion, even if it means going to court. Unless you are also willing to go to court to defend your opinion, I think I'll side with the FSF interpretation for now. (Not that I think it's right, but I have better ways to spend my money...) -wayne -- Wayne Schlitt can not assert the truth of all statements in this article and still be consistent. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: `cgiwrap` packaged
Yes yes yes *Please* include this in the main distribution!!! On Sat, 7 Jun 1997, Karl M. Hegbloom wrote: > I've packaged `cgiwrap`, which makes it so ordinary users can safely > run CGI scripts. The scripts run SUID/SGID the user who owns the -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: `cgiwrap` packaged
In article <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote: > >Yes yes yes *Please* include this in the main distribution!!! > >On Sat, 7 Jun 1997, Karl M. Hegbloom wrote: > >> I've packaged `cgiwrap`, which makes it so ordinary users can safely >> run CGI scripts. The scripts run SUID/SGID the user who owns the I saw an announcement of apache-1.2. That WWW server includes SuExec, which does what you want AFAIK (gonna try it myself next week) Mike. -- | Miquel van Smoorenburg | "I need more space" "Well, why not move to Texas" | | [EMAIL PROTECTED] | "No, on my account, stupid." "Stupid? Uh-oh.."| | PGP fingerprint: FE 66 52 4F CD 59 A5 36 7F 39 8B 20 F1 D6 74 02 | -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: `cgiwrap` packaged
On 7 Jun 1997, Miquel van Smoorenburg wrote: > I saw an announcement of apache-1.2. That WWW server includes SuExec, > which does what you want AFAIK (gonna try it myself next week) Wall, in that case, please make sure its turned on by default. I wanna just install apache, and bEwM! My users can act as if cgiwrap was already installed w/no configuration from me. SirDibos -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
