| 1999/11/23-26 [Computer/SW/Unix] UID:16942 Activity:high |
11/23 In linux, how do you prevent non-wheel users from su'ing to root.
This seems to be default in most unixes.
\_ If you want the fascist BSD behavior, hack the GNU 'su'
source; GNU 'su' from sh-utils doesn't support 'wheel' because
RMS doesn't believe in group 'wheel'. (Read the documentation
if you don't believe me...) Or, install the shadow password
suite from ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/, which
may be more your style. -brg
\_ RMS is a freak. The spread of the internet worm in the late 80s
was partly a result of his idiotic rms:rms account:pw bullshit.
\_ Geeze.. install a real unix, not a "unix-like" OS. If you want
unix power, install it. Don't try to pervert your toy into it.
Or you could do what all the fanatics are talking about: you have
the source; rewrite it. That's the point of Linux, isn't it?
\_ http://www.openbsd.org says ..
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based
UNIX-like operating system. So *BSD is not real unix either.
^^^^^^^^^
We all should get a copy of sysvr4 to run real unix :p
\_ That's only a legalism. openbsd is the real thing. Linux
is a wannabe.
\_ What defines something a real UNIX and something not a real UNIX?
\_ OpenBSD has to say that because legally, only an OS
certified by The Open Group (http://www.opengroup.org) can be
called UNIX(tm).
\_ But OpenBSD, like all BSDs, actually has real
ancestral roots in ATT Unix. Even though they
are now unencumbered from ATT source (gogo USL lawsuit)
the heritage is there. Notice that you can buy a
personal Unix license which lets you get a copy of
all the Unix source including earlier BSD's from
McKusick.
\_ Many real UNIX'es don't restrict who can su root - it's a BSDism
that SysV didn't pick up. The real answer - don't give them the
root password and they can't su.
\_ Fuck SysV. I always hated SysV. SysV is lamer unix.
\_ "chgrp wheel /bin/su;chmod 4750 /bin/su"?
\_ Hey, an answer to the question, amazing. As for the guy who
said "don't give them the password," remind me not to put you
in charge of security on my network. Brute force works
awfully well on these new uber-fast computers.
\_ If you think su blocking will keep them out, you shouldn't
be in charge of security anywhere. If you ignore the
thousands of "su failed" messages that a brute force would
display, it's your fault.
\_ not to mention if you pick a real root password no one
is going to brute force it. Especially because su
almost definitely includes a delay if the person typed
in the password wrong.
\_ That delay is really going to slow me down with
my N su's all running in parallel.
\_ yes it is. Are you really this dumb?
\_ Process limits are easy to get around. Or did
you have something else in mind? What protects
you is choosing a strong password, not some
silly one-second delay.
\_ 1) What part of "real root password" don't
you understand?
\_ No such thing. Anything can be brute
forced.
\_ Assume the root password changes
once every 5 years. Remember the
assumption is the root password
is not one that a nice crack
heuristic can guess. The
password space is BIG.
2) Running out of machine resources on the
other hand is not easy to get around.
\_ You know that the pw failed as soon as
su doesn't give you a prompt. So SIGKILL
it then. No delay, no resource limit, no
problem. The point is that su's delay
doesn't get you any benefit in and of
itself. You can get it down to where it
takes hardly any more resources than it
would without the delay.
\_ actually they do the delay even
if you choose the right password.
But even if they didn't you would
a significant amount of time
(compared to the amount of time a
crack takes) just to know the test
had failed. Even if it was a few
microseconds that adds up QUICK.
OH and umm, starting up that new
su process is EXPENSIVE compared to
the password check.
Do you have any idea how many attempts
you need to do to brute force a password?
\_ Doesn't matter. Got time. Some OS's
even let me read the pw file. I can
copy it elsewhere. If I have physical
access to anything, you're totally
doomed.
\_ this person wasn't asking about
shadow passwords. The issue was
su being a security hole. Not
/etc/passwd.
And a few more points...
If you are so stupid you think
anyone being able to su as root
is a security hole cause they can
use it to crack root by a brute
force attack, well guess what,
they can just brute force the
account of someone who has wheel
and then brute force the root
password from that account.
You obviously are some pathetic
fool who knows only enough to
be dangerous.
The dangers of letting anyone su
to root are along the lines of
person x knows the root password
somehow. (Either was told,
looked over someone's shoulder,
sniffed it cause some fool
used the root password over an
insecure net, etc.) It gives you
a minor level of security in those
cases. However there are much
more dangerous things to worry
about.
\_ If someone can brute force the password, why would he even
bother to su to root? He'll just simply login as root.
\_ not if remote root logins are disabled.
\_ I don't let my users login.
\_ *cheer*! --BOFH
\_ I figure it's safest that way. I print their email and
leave it in their inbox via in-house courier/mailboy. They
use the phone to call anyone back. WebTV for browsing.
\_ Take it to a fucking security newsgroup. |
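As an added example (not part of the thread): a POSIX sh check that a su binary really has the root:wheel 4750 layout produced by the `chgrp wheel /bin/su;chmod 4750 /bin/su` reply above. The function name `check_su_restricted` is made up for this example, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU or BusyBox stat.
# Usage: sh check_su.sh /bin/su "$(getent group wheel | cut -d: -f3)"

# check_su_restricted PATH WANT_GID [WANT_UID]
# Prints one finding per problem; returns 0 only when PATH is setuid,
# owned by WANT_UID (default 0, root), in group WANT_GID, and grants
# nothing to "other", i.e. the 4750 root:wheel layout.
check_su_restricted() {
    path=$1; want_gid=$2; want_uid=${3:-0}; rc=0
    [ -f "$path" ] || { echo "missing: $path"; return 2; }

    # %a prints octal without leading zeros (750, 4750); pad to 4 digits.
    mode=$(printf '%04d' "$(stat -c '%a' "$path")")
    special=${mode%???}      # setuid/setgid/sticky digit
    other=${mode#???}        # permissions for everyone else
    group=${mode#??}; group=${group%?}

    case $special in
        4|5|6|7) ;;
        *) echo "$path: not setuid, su cannot change identity"; rc=1 ;;
    esac
    if [ "$other" != 0 ]; then
        echo "$path: mode $mode grants access to users outside the group"; rc=1
    fi
    case $group in
        2|3|6|7) echo "$path: group-writable setuid binary"; rc=1 ;;
    esac
    if [ "$(stat -c '%g' "$path")" != "$want_gid" ]; then
        echo "$path: group is not gid $want_gid"; rc=1
    fi
    if [ "$(stat -c '%u' "$path")" != "$want_uid" ]; then
        echo "$path: owner is not uid $want_uid"; rc=1
    fi
    return $rc
}

if [ $# -gt 0 ]; then check_su_restricted "$@"; fi
```
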
| 1999/11/23-25 [Computer/SW/Compilers] UID:16943 Activity:low |
11/23 Is there a cross-compiler installed on soda? What do I have to do
or install to compile a standard ANSI C program on soda and have it
run under MS-DOS? Just a very simple C program that manipulates
files, nothing graphical and nothing windows or unix specific.
\_ _why_ bother with setting up a cross compiler on soda when you
can download a precompiled for dos, working version of gcc from
http://www.delorie.com/djgpp ?
\_ thank you! that will work too. I thought there was a simple
way to do this on soda. But gcc on dos will work.
\_ In case there's no better answer, http://www.metaware.com used to sell a
cross compiler called High C. I've used its Sparc/SunOS4.1 -->
x86/DOS version. -- yuen |
| 1999/11/23-25 [Computer/SW/Mail] UID:16944 Activity:moderate |
11/23 Agate is down? Is it short term or long term?
\_ read ucb.news.announce
\_ cute. And how would I do this without being able to read
news?
\_ Use the Force, Luke.
\_ Will someone with access to the ucb.* hierarchy please
summarize? --dim
\_ The point is that agate is the official news server.
Hence you won't be able to see any messages to
ucb.* newsgroups if it's down. (They *do* go to
http://deja.com, but I didn't see any new ones.) -emarkp
\_ Sorry. I thought maybe the downtime was scheduled
and someone had read about it beforehand. --dim
\_ It's back up now (Tue Nov 23 16:47:41 PST 1999). --dim
\_ planning for this
motd to be around
a while? |
| 1999/11/23-26 [Finance/CC] UID:16945 Activity:high |
11/23 Are there any online brokerages in the US that allow you to deposit
cash from your credit card, rather than bank transfer/check/wire?
-John
\_ Jesus, you sure you want to do this? I think margin rates are
lower than most credit card rates. And this is a way quick way
to lose your shirt.
\_ No you misunderstand; I don't want to invest on credit (I
always pay my full balance anyway.) It's just that a credit card
is a very easy way to transfer money from Switzerland to the
US without going through difficult Swiss banks and stupid
American banks. Plus, the concept of a check doesn't really
exist here (so outdated!) -John
\_ Finance charges accrue from day 1 on cash transfers.
\_ So now you're funneling all those ill gotten Swiss bank held
gains into our God Fearing Peace Loving country? Go home ya
Euro-Mafia criminal! We don't want your blood money!
\_ Fear the day when I try to _avoid_ anything by moving
it to the US. Maybe I'll just invest here. -John
\_ In the blazing hot Swiss market? A bastion of
competition and capitalism making millions for
all the little guys.
\_ Do I care if I make x% return in the US or
x% here? Not really, plus my income &
capital gains taxes are way lower. -John
\_ Your return in the US = Swiss Return +5000.
\_ BTW, Visa charges 3% service charge for a credit card transaction.
Depends on the amount, the service charge may be more or less. Thus
you lose 3% in the market already even if you can do a credit
card transfer. Besides, I don't know if your Swiss Visa card
is US $ based. You may be charged another round for currency
conversion.
\_ No, it's a Swiss Mastercard and I have never been charged
any fees except ATM withdrawal and my annual charge. -John
\_ That's because the merchant actually pays
the credit card transaction fee. I doubt,
however, that your Swiss bank will be willing
to pay the 3% or so. (Ideally, the merchant
always pays the transaction fee, but people
have found ways to get around it. That's why
you can get a cheaper price if you pay cash
instead of by credit for big purchases like
cars).
\_ Is it a Eurocard? Most European "credit cards" are
technically debit cards. -muchandr
\_ there's no "conversion", it ain't cash.
\_ well, Visa charged me conversion fee when
I bought stuff in Tokyo. And I wasn't paying
cash.
\_ Because the Yen is yucky.
\_ AH HAHH HAH YOU'RE ALL DOOMED! TAX-PAYING IMPERIALIST SLAVE
PIG-DOG FOOLS! We own you! UBS owns you! ZOG owns you! We will
snap the whip of control over all you drones' backs from within
our invincible mountain fortresses full of ill-gotten laundered
colombian nazi drug money gold bars! Bwahahaha! -John ("Hans") |
| 1999/11/23-24 [Recreation/Dating] UID:16946 Activity:kinda low |
11/23 That's the problem with polygamy--all those rings get expensive!
\_ I thought the problem was prison?
\_ If rings and prison are your biggest problem with having multiple
wives around, you're probably in luck...
\_ I don't hate women, have a problem with women, or think poorly
of women. Legal issues are my only problem. What's wrong with
multiple women if they're happy with it?
\_ contrariwise, what's the problem with only LEGALLY
marrying one? There's no law specifically against
"infidelity". There's just grounds for divorce.
\_ I want to marry them all. They all want to marry me. Who
are you to tell me I can legally have only one wife and the
rest must remain unacknowledged? How can I possibly tell
the ones I don't marry that they'll just have to be my live
in girlfriends and should hope my "real wife" doesn't bust
us all for it? How would you choose which one to marry?
The problem is nosy body clowns like you sticking your nose
into other's business. Get out of my life and I'll stay
far away from yours. The first thing I'll decide is you're
not allowed to masturbate anymore... not legally. ahem.
\_ I thought there is, at least in CA, but they're just not
enforced.
\_ I think it's probably a civil issue. Which means
your wife would have to file it. Whereas for "bigamy"
(from the viewpoint of legal marriage)
I think the state can come after you regardless
of what your wives think.
\_ This is precisely what polygamists do nowadays. Only marry
one wife legally, and just live with the others. It's a
difficult issue (there are reports of child abuse/young
marriages in such communities).
\_ As opposed to other communities where there are no
reports of Child abuse/young marriages?
\_ Get out of my life! I don't want to "just live with
the others". I have the God given right to marry who
I choose. |
| 1999/11/23-24 [Computer/SW/Editors/Vi] UID:16947 Activity:nil |
11/22 Need URL on vi keyboard binding. Thanks.
\_ file:/usr/share/doc/usd/12.vi |
| 1999/11/23-24 [Science/GlobalWarming, Recreation/Humor] UID:16948 Activity:low |
11/22 <DEAD>www.stanfordalumni.com/articles/99_1_microsoft_buys_su.html<DEAD>
\_ Joke?
\_ Okay, obviously there are complete and utter morons on soda.
Apologies to the person flamed in the previous item.
\_ Apology accepted. In today's world, I've learned not to make
assumptions about anything.
\_ Does someone want to mirror this? I can't get through 8.-( |