Re: Advice needed : Oracle and Debian Linux
Michael Meskes <[EMAIL PROTECTED]> writes:

> On Fri, Jun 20, 2003 at 12:53:34AM +1000, Russell Coker wrote:
>> As for the support people, I don't think that necessarily makes it
>> impossible.
>> If you started up a company to produce a commercial distribution based on
>> Debian for running Oracle then having your people answer the phones at
>> Oracle would be good for business...
>
> Not really. These people are on your pay roll but do not generate any
> revenue. So you have to have a lot of people busing this distro to run
> Oracle to make it work.

If you charge per incident or such, then those people would generate revenue. Also, the ability to advertise that you have people at Oracle answering questions could help generate revenue as well.

Basically, the assumption is that you would construct your business plan so that it was good for business :-)

Kevin
Re: proposal: per-user temporary directories on by default?
Tollef Fog Heen <[EMAIL PROTECTED]> writes:

> ATM, TMPDIR is defined using #define in libpam-tmpdir's source.
> Patches for having that as a run-time configuration are accepted.

Attached is a patch to allow you to specify TMPDIR in the relevant pam.d file, like so:

    session optional pam_tmpdir.so tmpdir=/tmp/users

It does not (yet) expand ~, $HOME, or the like.

I'd like someone to look it over to make sure I didn't open any security holes or cause any stupid bugs. (I do realise that it trusts the contents of the pam.d file... not sure how paranoid to be about that.)

Thanks,
Kevin

Index: pam-tmpdir-helper.c === --- pam-tmpdir-helper.c (revision 1) +++ pam-tmpdir-helper.c (working copy) @@ -27,6 +27,8 @@ #define SYSUSRTMP "/tmp/user" +char *tmpdir; + /* some syslogging */ static void _log_err(int err, const char *format, ...) 
@@ -47,48 +49,48 @@ struct stat statbuf; mode_t old_umask; - ret = lstat(SYSUSRTMP,&statbuf); + ret = lstat(tmpdir,&statbuf); if (ret == -1 && errno != ENOENT) { -snprintf(logbuf,sizeof logbuf,"lstat SYSUSRTMP failed: %s\n", strerror(errno)); +snprintf(logbuf,sizeof logbuf,"lstat tmpdir failed: %s\n", strerror(errno)); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } else if (ret != -1 && statbuf.st_uid != 0) { /* Somebody else than root has grabbed /tmp/user. Bad, bad, bad. */ snprintf(logbuf,sizeof logbuf,"%s is owned by uid %d instead of root " - "(uid 0). Failed to create safe $TMPDIR\n", SYSUSRTMP, + "(uid 0). Failed to create safe $TMPDIR\n", tmpdir, statbuf.st_uid); _log_err(LOG_ERR, "%s", logbuf); return 1; } else if (ret != -1 && !S_ISDIR(statbuf.st_mode)) { -snprintf(logbuf,sizeof logbuf,"%s is not a directory. Failed to create safe $TMPDIR\n", SYSUSRTMP); +snprintf(logbuf,sizeof logbuf,"%s is not a directory. Failed to create safe $TMPDIR\n", tmpdir); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } else if (ret != -1 && ((statbuf.st_mode & S_IWGRP) || (statbuf.st_mode & S_IWOTH))) { snprintf(logbuf,sizeof logbuf,"%s is group or world writable. " - "Failed to create safe $TMPDIR\n", SYSUSRTMP); + "Failed to create safe $TMPDIR\n", tmpdir); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } else if (ret != -1 && !(statbuf.st_mode & S_IXOTH)) { snprintf(logbuf,sizeof logbuf,"%s is not world searchable. 
" - "Failed to create safe $TMPDIR\n", SYSUSRTMP); + "Failed to create safe $TMPDIR\n", tmpdir); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } else if (ret == -1 && errno == ENOENT) { old_umask = umask(); -if (mkdir(SYSUSRTMP,0711) == -1) { - snprintf(logbuf,sizeof logbuf,"mkdir SYSUSRTMP failed: %s\n", strerror(errno)); +if (mkdir(tmpdir,0711) == -1) { + snprintf(logbuf,sizeof logbuf,"mkdir tmpdir failed: %s\n", strerror(errno)); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } umask(old_umask); -if (chown(SYSUSRTMP,0,0) == -1) { - snprintf(logbuf,sizeof logbuf,"chown 0:0 SYSUSRTMP failed: %s\n", strerror(errno)); +if (chown(tmpdir,0,0) == -1) { + snprintf(logbuf,sizeof logbuf,"chown 0:0 tmpdir failed: %s\n", strerror(errno)); _log_err(LOG_NOTICE, "%s", logbuf); return 1; } } - if (snprintf(buf, sizeof buf, "%s/%d",SYSUSRTMP,getuid()) == -1) { + if (snprintf(buf, sizeof buf, "%s/%d",tmpdir,getuid()) == -1) { return 1; } ret = lstat(buf,&statbuf); @@ -131,5 +133,29 @@ } int main(int argc, char **argv) { + /* Parse our command line arguments. We assume that + * we will either receive one argument (the tmpdir path), + * or none at all (in which case, we set tmpdir to be SYSUSRTMP). + */ + + if (argc == 2) { + if ((tmpdir = malloc(strlen(argv[1]) + 1)) == NULL) { + _log_err(LOG_ERR, "malloc failed. Out of memory."); + return 1; + } + strcpy(tmpdir, argv[1]); + } else if (argc == 1) { + if ((tmpdir = malloc(strlen(SYSUSRTMP) + 1)) == NULL) { + _log_err(LOG_ERR, "malloc failed. Out of memory."); + return 1; + } + strcpy(tmpdir, SYSUSRTMP); + } else { + _log_err(LOG_ERR, "Incorrect number of arguments. Giving up."); + return 1; + } + + /* At this point, tmpdir should contain a valid TMPDIR path. */ + return make_tmp_directory(); } Index: pam_tmpdir.c === --- pam_tmpdir.c (revision 1) +++ pam_tmpdir.c (working copy) 
@@ -43,7 +43,10 @@ #define SYSUSRTMP "/tmp/user" #define PAM_TMPDIR_HELPER "/sbin/pam-tmpdir-helper" +#define TMPDIR_INTRO "tmpdir=" +char *tmpdir = NULL; + static int set_environment(pam_handle_t *pamh); static int make_tmp_directory(pam_handle_t *pamh); @@ -85,16 +88,45 @@ #define PAM_ENV_SILENT 0x04 #define PAM_NEW_ENV_FILE0x10 +static int set_tmpdir(int argc, c
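Review bot: In the @@ -47,48 hunk of pam-tmpdir-helper.c, the check `snprintf(buf, sizeof buf, "%s/%d",tmpdir,getuid()) == -1` misses truncation, which matters now that the base path has variable length: an overlong `tmpdir` yields a shortened `buf` and a non-negative return value, and the code goes on to lstat the shortened path. Also compare the return value against `sizeof buf` and fail when it is not smaller. Separately, messages such as "lstat tmpdir failed" and "mkdir tmpdir failed" log the variable's name; with a configurable directory the log should carry the path itself via `%s`.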
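Review bot: In `main()` of pam-tmpdir-helper.c (the @@ -131,5 hunk), `argv[1]` is copied into `tmpdir` and reaches `lstat`, `mkdir(tmpdir,0711)` and `chown(tmpdir,0,0)` with no validation, although the comment states "At this point, tmpdir should contain a valid TMPDIR path". Whoever runs the helper therefore chooses the directory it creates and chowns to 0:0; nothing checks that the argument is absolute, free of `..` components, or a location the administrator selected. The base path should come from a source the caller cannot influence rather than from the command line. Minor: the two malloc/strcpy pairs can be `strdup`, and the `argc == 1` branch needs no copy at all.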
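Review bot: In pam_tmpdir.c, `char *tmpdir = NULL;` is added as a non-static global with a very generic name, and pam-tmpdir-helper.c gains a matching non-static `char *tmpdir;`. In the module this symbol is loaded into whatever process calls PAM, so declare it `static` like the function prototypes directly below it, or pass the value as a parameter. The `set_tmpdir` hunk is cut off on this page, so the parsing of `TMPDIR_INTRO` cannot be reviewed from what is shown.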
Re: proposal: per-user temporary directories on by default?
Tollef Fog Heen <[EMAIL PROTECTED]> writes:

> ATM, TMPDIR is defined using #define in libpam-tmpdir's source.
> Patches for having that as a run-time configuration are accepted.

I recently posted to debian-devel a patch to do this (not sure whether you saw it or not). However, at the time, I didn't realise that /sbin/pam-tmpdir-helper was a setuid root program. Purely my fault; I didn't check. Anyway, that patch opens up a security hole[1], so please don't apply it.

Thanks,
Kevin

[1] My solution as to how to get the path from libpam-tmpdir to pam-tmpdir-helper was to pass it on the command line. But, since anyone can run pam-tmpdir-helper, anyone can create any tmpdir they like anywhere on the system. Very bad.
Re: proposal: per-user temporary directories on by default?
Tollef Fog Heen <[EMAIL PROTECTED]> writes:

> * Kevin Kreamer
>
> [...]
>
> | [1] My solution as to how to get the path from libpam-tmpdir to
> | pam-tmpdir-helper was to pass it on the command line. But, since
> | anyone can run pam-tmpdir-helper, anyone can create any tmpdir they
> | like anywhere on the system. Very bad.
>
> Adding a sanity check that the base directory is owned by root, would
> that suffice?
>
> I think I'll have to think about this a little.

Ok, I've done some thinking on this as well, and this is what I've come up with.

I don't think making sure that the base directory is owned by root will protect you, as that would still allow an attacker to put a tmpdir in most system areas. What we really need is to make sure that the tmpdir is created where the admin wants, not where the user wants.

Since the helper has to be setuid, and has to be runnable by anyone (since the PAM stuff uses the permissions of whoever is logging in), we can't pass the path into the helper. It has to already know where to make the path.

So, it seems to me that the best approach is to have both pam_tmpdir.so and the helper read the configuration file independently to find out where to put the tmpdir. However, since the helper won't know what service is being used, and therefore won't know which pam.d file to read, we'll have to use a completely independent config file (/etc/pam-tmpdir.conf or something like that).

What do you think?

Kevin
Re: Changes in formal naming for NetBSD porting effort(s)
[I am not subscribed to debian-bsd.]

On Dec 17, 2003, at 10:20, Branden Robinson wrote:

> Given that we're going to be saddled with a comprehension problem
> anyway, I say we abandon the effort to be descriptive in the product
> name. I proposed having a correlation between the first letter of the
> product name and the underlying BSD variant simply as a mnemonic
> convenience for people who already know what the products are supposed
> to be.

We don't have to *completely* give up the effort to be descriptive. How about just calling it:

    Debian GNU/NBSD
    Debian GNU/FBSD
    Debian GNU/OBSD (if there's ever an OpenBSD port)

It would have the advantage of being recognizable to most people, without actually using 'NetBSD' or so anywhere in the name.

[ The following suggestion is possibly flameworthy. Please consider the above separate from the below. ]

In the case of a NetBSD libc, you could use

    Debian NBSD/NBSD

basically having the first half signify which libc is used. However, if Debian is always going to use the GNU/ prefix, then perhaps make it something like

    Debian GNU/NBSD/NBSD

with the third part signifying the libc used.

Kevin
Re: security in testing
Steve Langasek <[EMAIL PROTECTED]> writes:

> So where does that leave us? If none of the people who are in a
> position to approve packages for inclusion in testing or
> testing-security are willing to commit resources to doing so, it seems
> the only other option that could have an effect is to submit a patch to
> the website, to add a skull and crossbones everywhere that testing is
> mentioned.

Disclaimer: I'm just a lowly user.

If testing is just a release tool that isn't supposed to be used until a freeze, why is it being offered up for use? Wouldn't it be better all around (disk space on mirrors, support questions about testing, rooted boxes, threads like this, and such) to have the testing scripts work on a private pool on some debian machine somewhere and not mirrored out to the world?

Another question: does Debian provide to developers access to machines on all 11 arches for building packages?

-- 
Kevin
Re: doc-html-w3
On Sat, Sep 22, 2001 at 10:49:35PM -0500, Joseph Schlecht said:

> I would like to change doc-html-w3's name to one that is more descriptive of
> its current and potential contents. I think that the name of this package is
> currently too narrow; besides HTML, indicated by the name, it also contains
> CSS2, SMIL, XPATH and many other recommendations. What do you think?

As a normal user, when I see doc-html-w3, I think of html-formatted documents about Emacs' w3 web browser. I think a name change would be appropriate, IMHO.

> Here are a couple of the names I've been kicking around:
>    a) doc-w3 (most general, my favorite; perhaps even doc-w3c)
>    b) doc-markup-w3 (but this name excludes style: CSS2, XSLT, etc)
>    c) doc-w3c-recommend
>    d) [your suggestion here]

doc-w3c looks best to me, but any would work as long as it is -w3c instead of -w3.

Kevin

-- 
Kevin Kreamer
FsckIt on openprojects.net