Re: security: crontab

2000-08-02 Thread Sam Bayne
I know it's been a while on this thread, but you should also look at the Stackguard compiler, an anti stack-smashing modified version of gcc. Only works on Intel, but the folks there have a RedHat 6.2 iso image with many of the packages compiled with Stackguard. umm, www.immunix.org, I think.

Re: security: crontab

2000-07-15 Thread Nitebirdz
On Sat, 15 Jul 2000, Michael Ghens wrote: > Todd, what is the url for this library? > http://www.bell-labs.com/org/11356/libsafe.html I found it by doing a search for libsafe in http://www.freshmeat.net, but I'm pretty sure that http://www.filewatcher.org and http://www.rpmfind.org would also

Re: security: crontab

2000-07-15 Thread Merell L. Matlock, Jr.
* Michael Ghens ([EMAIL PROTECTED]) [000715 17:23]: > Todd, what is the url for this library? http://www.bell-labs.com/org/11356/libsafe.html > > From: Todd A. Jacobs <[EMAIL PROTECTED]> > > Have you tried installing libsafe on your system? It should prevent all > > buffer overflow exploits,

Re: security: crontab

2000-07-15 Thread Jasper Jans
http://linux.stanford.edu/rpm2html/Unknown.html Enjoy :) J. - Original Message - From: Michael Ghens <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, July 15, 2000 11:21 PM Subject: Re: security: crontab | Todd, what is the url for this library? | | On Wed,

Re: security: crontab

2000-07-15 Thread Michael Ghens
Todd, what is the url for this library? On Wed, 12 Jul 2000, Todd A. Jacobs wrote: > Date: Wed, 12 Jul 2000 16:46:02 -0700 (PDT) > From: Todd A. Jacobs <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: security: crontab > Resent-Da

Re: security: crontab

2000-07-12 Thread ben
Neat! I hadn't heard of this before and I am very impressed. Nice little program, thank you Bell Labs. This is going in my "Need to install on all new systems" list. -Ben Newman "Before I'm done you will all taste my meaty brain chunks." Spider

Re: security: crontab

2000-07-12 Thread Todd A. Jacobs
On Wed, 12 Jul 2000, Michael Ghens wrote: > I just cannot believe this. I just tested an old vixie cron exploit > against crontab. It was a clasic buffer overflow attack. I have a > RH6.2 WITH UPDATES. It worked. This exploit is almost over a year old. Have you tried installing libsafe on your s

Re: security: crontab

2000-07-12 Thread Michael Ghens
If you want the code. Do not ask, it is readily available in the bugtraq archive. On Wed, 12 Jul 2000, Michael Ghens wrote: > Date: Wed, 12 Jul 2000 15:40:23 -0700 (PDT) > From: Michael Ghens <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: security: crontab > &g

security: crontab

2000-07-12 Thread Michael Ghens
I just cannot believe this. I just tested an old vixie cron exploit against crontab. It was a clasic buffer overflow attack. I have a RH6.2 WITH UPDATES. It worked. This exploit is almost over a year old. It's standard permistions are: -rwsr-xr-x My advice, change the permissions on /usr/bin/cro