Re: root compromise on debian woody

2005-06-09 Thread Kevin Mark
On Thu, Jun 09, 2005 at 04:50:21AM -0400, Charles Hallenbeck wrote: > Hi Kevin, > Forgive me for not answering sooner... > > Here is a not-so-current background piece: > > http://www.hhs48.com/why_linux.html > > You can also get more current info at www.linux-speakup.org > > Many distributions

Re: root compromise on debian woody

2005-06-09 Thread Charles Hallenbeck
Hi Kevin, Forgive me for not answering sooner... On Sat, 28 May 2005, Kevin Mark wrote: Chuck Hi Chuck, Any time someone mentions 'speakup', it piques my interest to know how linux is advancing towards better support for people with vision difficulties. Have you ever made a comparison between s

Re: root compromise on debian woody

2005-05-30 Thread Alexei Chetroi
On Sat, May 28, 2005 at 01:39:54PM -0400, Selva Nair wrote: > Date: Sat, 28 May 2005 13:39:54 -0400 > From: Selva Nair <[EMAIL PROTECTED]> > Subject: Re: root compromise on debian woody > [snip] > I was running debian 2.4.18-k7. Now I notice that there is another kernel >

Re: root compromise on debian woody

2005-05-28 Thread Selva Nair
On 5/27/05, Alexei Chetroi <[EMAIL PROTECTED]> wrote: > On Thu, May 26, 2005 at 09:01:37PM -0400, Selva Nair wrote: > > Date: Thu, 26 May 2005 21:01:37 -0400 > > From: Selva Nair <[EMAIL PROTECTED]> > > Subject: Re: root compromise on debian woody snip > &g

Re: root compromise on debian woody

2005-05-27 Thread Kevin Mark
On Fri, May 27, 2005 at 05:59:08AM -0400, Charles Hallenbeck wrote: > I am a newbie to Debian, a Slackware convert, but not a newbie > otherwise. I compile my own kernels since I use a set of kernel patches > to support speech synthesizer to the console, called "speakup". A > precompiled kernel

Re: root compromise on debian woody

2005-05-27 Thread Paul Johnson
On Friday May 27 2005 9:50 am, Sean Davis wrote: > On Fri, May 27, 2005 at 10:43:11AM -0400, Carl Fink wrote: > > On Fri, May 27, 2005 at 07:00:56AM -0400, Sean Davis wrote: > > > *: Linux LOVES to swap. I swap all the time on my 1.8ghz Athlon > > > XP with 1GB ram. However, my NetBSD machine with

Re: root compromise on debian woody

2005-05-27 Thread Joey Hess
Phil Dyer wrote: > Joey Hess said: > > > Well to choose one security hole at random out of dozens to hundreds > > that remain unfixed in woody's kernels, this one allows anyone to go from > > a normal user account to root: > > > > CAN-2005-1263

Re: root compromise on debian woody

2005-05-27 Thread s. keeling
Incoming from Sean Davis: > > disk I/O. If I understand your argument correctly, an accurate analogy would > be leaving your car running 24/7 just so that you don't have to start it the > next time you want to drive somewhere. Would you do that? no. I'm not sure how relevant it is, but this is ho

Re: root compromise on debian woody

2005-05-27 Thread Sean Davis
On Fri, May 27, 2005 at 10:43:11AM -0400, Carl Fink wrote: > On Fri, May 27, 2005 at 07:00:56AM -0400, Sean Davis wrote: > > > *: Linux LOVES to swap. I swap all the time on my 1.8ghz Athlon XP with 1GB > > ram. However, my NetBSD machine with the same amount of ram running at the > > same frequen

Re: root compromise on debian woody

2005-05-27 Thread Jon Dowland
Sean Davis wrote: I can tolerate the Debian environment, but when they can't decide whether or not to actually release Sarge Well the RC bug count is still > 0, but it has dropped nearly 2/3 since the last BTS, from ~90 to ~30.

Re: root compromise on debian woody

2005-05-27 Thread Carl Fink
On Fri, May 27, 2005 at 07:00:56AM -0400, Sean Davis wrote: > *: Linux LOVES to swap. I swap all the time on my 1.8ghz Athlon XP with 1GB > ram. However, my NetBSD machine with the same amount of ram running at the > same frequency NEVER swaps, due to the ability to tune the VM, and the > better V

Re: root compromise on debian woody

2005-05-27 Thread Phil Dyer
Joey Hess said: > Well to choose one security hole at random out of dozens to hundreds > that remain unfixed in woody's kernels, this one allows anyone to go from > a normal user account to root: > > CAN-2005-1263 [Linux kernel ELF core dump privileg

Re: root compromise on debian woody

2005-05-27 Thread Roberto C. Sanchez
On Fri, May 27, 2005 at 05:59:08AM -0400, Charles Hallenbeck wrote: > I am a newbie to Debian, a Slackware convert, but not a newbie otherwise. I > compile my own kernels since I use a set of kernel patches to support speech > synthesizer to the console, called "speakup". A precompiled kernel for

Re: root compromise on debian woody

2005-05-27 Thread Charles Hallenbeck
On Fri, 27 May 2005, Roberto C. Sanchez wrote: Chuck, Please be sure and don't top post. It is considered bad list etiquette :-) Sorry. My bad etiquette was not deleting the prior pieces of the thread. If you are running a regular desktop, chances are that: 1) You are behind a firewall/r

Re: root compromise on debian woody

2005-05-27 Thread Sean Davis
On Thu, May 26, 2005 at 07:55:50PM -0700, Alvin Oga wrote: > > On Thu, 26 May 2005, Roberto C. Sanchez wrote: > > > On Thu, May 26, 2005 at 06:41:18PM -0700, Alvin Oga wrote: > > > > > > > > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] > > > > > - kernel-source-2.6.11

Re: root compromise on debian woody

2005-05-27 Thread Alvin Oga
On Fri, 27 May 2005, Charles Hallenbeck wrote: > Oh well. I will just have to live on the edge and keep an eye out for > problems. (okay, an ear!) and keep a free finger floating around too :-) always best to be on the leading edge with "new" problems than to be on the trailing edge with known

Re: root compromise on debian woody

2005-05-27 Thread Charles Hallenbeck
I am a newbie to Debian, a Slackware convert, but not a newbie otherwise. I compile my own kernels since I use a set of kernel patches to support speech synthesizer to the console, called "speakup". A precompiled kernel for 2.4.27 package got me started with an installation disk, but I quickly

Re: root compromise on debian woody

2005-05-27 Thread Jon Dowland
kamaraju kusumanchi wrote: Thanks for sending the file. I tried it on sid and it is not giving any root access for an ordinary user. Guess it is a problem with woody or a particular kernel version then. Strace it - what is it trying to do?

Re: root compromise on debian woody

2005-05-27 Thread Alexei Chetroi
On Thu, May 26, 2005 at 09:01:37PM -0400, Selva Nair wrote: > Date: Thu, 26 May 2005 21:01:37 -0400 > From: Selva Nair <[EMAIL PROTECTED]> > Subject: Re: root compromise on debian woody > > On 5/26/05, Joey Hess <[EMAIL PROTECTED]> wrote: > > Selva Nair wrote:

Re: root compromise on debian woody

2005-05-26 Thread kamaraju kusumanchi
Selva Nair wrote: Hi michael, raju: On 5/26/05, michael <[EMAIL PROTECTED]> wrote: On Thu, 2005-05-26 at 17:16 -0400, kamaraju kusumanchi wrote: Selva Nair wrote: Looking through evidence left behind (bash_history etc..) I have figured out that the privilege escalation w

Re: root compromise on debian woody

2005-05-26 Thread Alvin Oga
On Thu, 26 May 2005, Roberto C. Sanchez wrote: > On Thu, May 26, 2005 at 06:41:18PM -0700, Alvin Oga wrote: > > > > > > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] > > > > - kernel-source-2.6.11 2.6.11 2.6.11-4 > > > > - kernel-source-2.6.8 2.6.8-16 > > > >

Re: root compromise on debian woody

2005-05-26 Thread Robert Vangel
Roberto C. Sanchez wrote: As long as you make a conscious decision to do this. Unfortunately, many people go out and grab some package from the upstream site and then think that the security updates will roll in along with all the other apt-get stuff. They won't, but then you understand that.

Re: root compromise on debian woody

2005-05-26 Thread Roberto C. Sanchez
On Fri, May 27, 2005 at 10:54:02AM +0800, Robert Vangel wrote: > Roberto C. Sanchez wrote: > > >As far as the kernel, even Linus Torvalds himself, IIRC, has stated that > >running kernels from kernel.org is not a good idea unless, 1) you are > >testing the kernel and/or developing on it, or 2) you

Re: root compromise on debian woody

2005-05-26 Thread Robert Vangel
Roberto C. Sanchez wrote: As far as the kernel, even Linus Torvalds himself, IIRC, has stated that running kernels from kernel.org is not a good idea unless, 1) you are testing the kernel and/or developing on it, or 2) you are absolutely 100% certain that you know exactly what you are doing and

Re: root compromise on debian woody

2005-05-26 Thread Roberto C. Sanchez
On Thu, May 26, 2005 at 06:41:18PM -0700, Alvin Oga wrote: > > > > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] > > > - kernel-source-2.6.11 2.6.11 2.6.11-4 > > > - kernel-source-2.6.8 2.6.8-16 > > > - kernel-source-2.4.27 2.4.27-10 > > always use the la

Re: root compromise on debian woody

2005-05-26 Thread Alvin Oga
On Thu, 26 May 2005, Selva Nair wrote: > On 5/26/05, Joey Hess <[EMAIL PROTECTED]> wrote: > > Selva Nair wrote: > > > > I have taken the system off the net and am in the process of > > > re-installing but the existence > > > of such an easy to use and effective privilege escalation kit is > > >

Re: root compromise on debian woody

2005-05-26 Thread Selva Nair
On 5/26/05, Joey Hess <[EMAIL PROTECTED]> wrote: > Selva Nair wrote: > >Looking through evidence left behind (bash_history etc..) I have > > figured out that > > the privilege escalation was achieved using an executable that the > > attacker downloaded > > from the net. I have verified that th

Re: root compromise on debian woody

2005-05-26 Thread Selva Nair
On 5/26/05, Joey Hess <[EMAIL PROTECTED]> wrote: > Selva Nair wrote: > > I have taken the system off the net and am in the process of > > re-installing but the existence > > of such an easy to use and effective privilege escalation kit is > > quite disturbing. As I have only access to the binary

Re: root compromise on debian woody

2005-05-26 Thread Joey Hess
Selva Nair wrote: >One of my machines running debian woody (up to date with all > security updates) > was broken into yesterday. The attacker gained a normal user access possibly > by > cracking a weak password and then managed to get a root shell, install a > rootkit etc... > >Looking

Re: root compromise on debian woody

2005-05-26 Thread michael
On Thu, 2005-05-26 at 17:16 -0400, kamaraju kusumanchi wrote: > Selva Nair wrote: > > >Hi all, > > > > One of my machines running debian woody (up to date with all > >security updates) > >was broken into yesterday. The attacker gained a normal user access possibly > >by > >cracking a weak pass

Re: root compromise on debian woody

2005-05-26 Thread kamaraju kusumanchi
Selva Nair wrote: Hi all, One of my machines running debian woody (up to date with all security updates) was broken into yesterday. The attacker gained a normal user access possibly by cracking a weak password and then managed to get a root shell, install a rootkit etc... Looking throug