Berkeley CSUA MOTD:1999:November:23 Tuesday <Monday, Wednesday>
Berkeley CSUA MOTD
1999/11/23-26 [Computer/SW/Unix] UID:16942 Activity:high
11/23   In linux, how do you prevent non-wheel users from su'ing to root.
        This seems to be default in most unixes.
        \_ If you want the fascist BSD behavior, hack the GNU 'su'
           source; GNU 'su' from sh-utils doesn't support 'wheel' because
           RMS doesn't believe in group 'wheel'.  (Read the documentation
           if you don't believe me...)  Or, install the shadow password
           suite from, which
           may be more your style. -brg
           \_ RMS is a freak.  The spread of the internet worm in the late 80s
              was partly a result of his idiotic rms:rms account:pw bullshit.
        \_ Geeze.. install a real unix, not a "unix-like" OS.  If you want
           unix power, install it.  Don't try to pervert your toy into it.
           Or you could do what all the fanatics are talking about: you have
           the source; rewrite it.  That's the point of Linux, isn't it?
           \_ says ..
              The OpenBSD project produces a FREE, multi-platform 4.4BSD-based
              UNIX-like operating system. So *BSD is not real unix either.
              We all should get a copy of sysvr4 to run real unix :p
                \_ That's only a legalism.  openbsd is the real thing.  Linux
                   is a wannabe.
           \_ What defines something a real UNIX and something not a real UNIX?
                \_ OpenBSD has to say that because legally, only an OS
                    certified by The Open Group ( can be
                    called UNIX(tm).
                   \_ But OpenBSD, like all BSD's, actually have a real
                      ancestral roots in ATT Unix.  Even though they now
                      are now unencumbered from ATT source (gogo USL lawsuit)
                      the heritage is there.  Notice that you can buy a
                      personal Unix license which lets you get a copy of
                      all the Unix source including earlier BSD's from
           \_ Many real UNIX'es don't restrict who can su root - it's a BSDism
              that SysV didn't pick up.  The real answer - don't give them the
              root password and they can't su.
                \_ Fuck SysV.  I always hated SysV.  SysV is lamer unix.
        \_ "chgrp wheel /bin/su;chmod 4750 /bin/su"?
           \_ Hey, an answer to the question, amazing. As for the guy who
              said  "don't giv them the password," Remind me not to put you
              in charge of security on my network.  Brute force works
              awfully well on these new uber-fast computers.
                \_ If you think su blocking will keep them out, you shouldn't
                   be in charge of security anywhere.  If you ignore the
                   thousands of "su failed" messages that a brute force would
                   display, it's your fault.
                   \_ not to mention if you pick a real root password noone
                      is going to brute force it.  Especially because su
                      almost definatly includes a delay if the person typed
                      in the password wrong.
                      \_ That delay is really going to slow me down with
                         my N su's all running in parallel.
                         \_ yes it is.  Are you really this dumb?
                            \_ Process limits are easy to get around. Or did
                               you have somthing else in mind? What protects
                               you is chosing a strong password, not some
                               silly one-second delay.
                               \_ 1) What part of "real root password" don't
                                     you understand?
                                     \_ No such thing.  Anything can be brute
                                        \_ Assume the root password changes
                                           once every 5 years.  Remember the
                                           assumption is the root password
                                           is not one that a nice crack
                                           heuristic can guess.  The
                                           password space is BIG.
                                  2) Running out of machine resources on the
                                     other hand is not easy to get around.
                                     \_ You know that the pw failed as soon as
                                      su doesn't give you a prompt. So SIGKILL
                                      it then. No delay, no resource limit, no
                                      problem. The point is that su's delay
                                      doesn't get you any benefit in and of
                                      itself. You can get it down to where it
                                      takes hardly any more resources than it
                                      would without the delay.
                                      \_ actually they do the delay even
                                         if you choose the right password.
                                         But even if they didn't you would
                                         a significant amount of time
                                         (compared to the amount of time a
                                         crack takes) just to know the test
                                         had failed.  Even if it was a few
                                         mircoseconds that adds up QUICK.
                                         OH and umm, starting up that new
                                         su process is EXPENSIVE compared to
                                         the password check.
                                     Do you have any idea how many attempts
                                     you need to do to brute force a password?
                                     \_ Doesn't matter.  Got time.  Some OS's
                                        even let me read the pw file.  I can
                                        copy it elsewhere.  If I have physical
                                        access to anything, you're totally
                                        \_ this person wasn't asking about
                                           shadow passwords.  The issue was
                                           su being a security hole.  Not
                                           And a few more points...
                                           If you are so stupid you think
                                           anyone being able to su as root
                                           is a security hole cause they can
                                           use it to crack root by a brute
                                           force attack, well guess what,
                                           they can jsut brute force the
                                           account of someone who has wheel
                                           and then brute force the root
                                           password from that account.
                                           You obviously are some pathetic
                                           fool who knows only enough to
                                           be dangerous.
                                           The dangers of letting anyone su
                                           to root are along the lines of
                                           person x knows the root password
                                           somehow.  (Either was told,
                                           looked over someone's shoulder,
                                           sniffed it cause some fool
                                           used the root password over an
                                           insecure net, etc.)  It gives you
                                           a minor level of security in those
                                           cases.  However there are much
                                           more dangerous things to worry
                \_ If someone can brute force the password, why would he even
                   bother to su to root?  He'll just simply login as root.
                   \_ not if remote root logins are disabled.
        \_ I don't let my users login.
           \_ *cheer*!  --BOFH
                \_ I figure it's safest that way.  I print their email and
                   leave it in their inbox via in-house courier/mailboy.  They
                   use the phone to call anyone back.  WebTV for browsing.
        \_ Take it to a fucking security newsgroup.
1999/11/23-25 [Computer/SW/Compilers] UID:16943 Activity:low
11/23   Is there a cross-compiler installed on soda?  What do I have to do
        or install to compile a standard ANSI C program on soda and have it
        run under MS-DOS?  Just a very simple C program that manipulates
        files, nothing graphical and nothing windows or unix specific.
        \_ _why_ bother with setting up a cross compiler on soda when you
           can download a precompiled for dos, working version of gcc from
           \_ thank you!  that will work too.  I thought there was a simple
              way to do this on soda.  But gcc on dos will work.
        \_ In case there's no better answer, used to sell a
           cross compiler called High C.  I've used its Sparc/SunOS4.1 -->
           x86/DOS version.  -- yuen
1999/11/23-25 [Computer/SW/Mail] UID:16944 Activity:moderate
11/23   Agate is down?  Is it short term or long term?
        \_ read
           \_ cute.  And how would I do this without being able to read
              \_ Use the Force, Luke.
           \_ Will someone with access to the ucb.* hierarchy please
              summarize? --dim
              \_ The point is that agate is the official news server.
                 Hence you won't be able to see any messages to
                 ucb.* newsgroups if it's down.  (They *do* go to
       , but I didn't see any new ones.) -emarkp
                 \_ Sorry. I thought maybe the downtime was scheduled
                    and someone had read about it beforehand. --dim
        \_ It's back up now (Tue Nov 23 16:47:41 PST 1999). --dim
                                                     \_ planning for this
                                                        motd to be around
                                                        a while?
1999/11/23-26 [Finance/CC] UID:16945 Activity:high
11/23   Are there any online brokerages in the US that allow you to deposit
        cash from your credit card, rather than bank transfer/check/wire?
        \_ Jesus, you sure you want to do this?  I think margin rates are
           lower than most credit card rates.  And this is a way quick way
           to lose your shirt.
           \_ No you misunderstand;  I don't want to invest on credit (I
              always pay my full balance anyway.)  It's just that a credit card
              is a very easy way to transfer money from Switzerland to the
              US without going through difficult Swiss banks and stupid
              American banks.  Plus, the concept of a check doesn't really
              exist here (so outdated!)  -John
                \_ Finance charges accrue from day 1 on cash transfers.
                \_ So now you're funneling all those ill gotten Swiss bank held
                   gains into our God Fearing Peace Loving country?  Go home ya
                   Euro-Mafia criminal!  We don't want your blood money!
                   \_ Fear the day when I try to _avoid_ anything by moving
                      it to the US.  Maybe I'll just invest here.  -John
                        \_ In the blazing hot Swiss market?  A bastion of
                           competition and capitalism making millions for
                           all the little guys.
                           \_ Do I care if I make x% return in the US or
                              x% here?  Not really, plus my income &
                              capital gains taxes are way lower.  -John
                                \_ Your return in the US = Swiss Return +5000.
        \_ BTW, Visa charges 3% service charge for a credit card transaction.
           Depends on the amount,the service charge may be more or less.  Thus
           you lose 3% in the market already even if you can do a credit
           card transfer.  Besides, I don't know if your Swiss Visa card
           is US $ based.  You may be charged another round for currency
                \_ No, it's a Swiss Mastercard and I have never been charged
                   any fees except ATM withdrawal and my annual charge.  -John
                        \_ That's because the merchant actually pays
                           the credit card transaction fee.  I doubt
                           , however, that your Swiss bank will be willing
                           to pay the 3% or so.  (Ideally, the merchant
                           always pays the transaction fee, but people
                           have found ways to get around it.  That's way
                           you can get a cheaper price if you pay cash
                           instead of by credit for big purchases like
                \_ Is it a Eurocard? Most European "credit cards" are
                technically debit cards.                        -muchandr
                \_ there's no "conversion", it ain't cash.
                        \_ well, Visa charged me conversion fee when
                           I bought stuff in Tokyo.  And I wasn't paying
                           \_ Because the Yen is yucky.
           PIG-DOG FOOLS!  We own you!  UBS owns you!  ZOG owns you!  We will
           snap the whip of control over all you drones' backs from within
           our invincible mountain fortresses full of ill-gotten laundered
           colombian nazi drug money gold bars!  Bwahahaha!  -John ("Hans")
1999/11/23-24 [Recreation/Dating] UID:16946 Activity:kinda low
11/23   That's the problem with polygamy--all those rings get expensive!
        \_ I thought the problem was prison?
        \_ If rings and prison are your biggest problem with having multiple
           wives around, you're probably in luck...
           \_ I don't hate women, have a problem with women, or think poorly
              of women.  Legal issues are my only problem.  What's wrong with
              multiple women if they're happy with it?
              \_ contrariwise, what's the problem with only LEGALLY
                 marrying one? There's no law specifically against
                 "infidelity". There's just grounds for divorce.
                 \_ I want to marry them all.  They all want to marry me.  Who
                    are you to tell me I can legally have only one wife and the
                    rest must remain unacknowledged?  How can I possibly tell
                    the ones I don't marry that they'll just have to be my live
                    in girlfriends and should hope my "real wife" doesn't bust
                    us all for it?  How would you choose which one to marry?
                    The problem is nosy body clowns like you sticking your nose
                    into other's business.  Get out of my life and I'll stay
                    far away from yours.  The first thing I'll decide is you're
                    not allowed to masturbate anymore... not legally.  ahem.
                 \_ I thought there is, at least in CA, but they're just not
                    \_ I think its probably a civil issue. Which menas
                       your wife woudl have to file it. Whereas for "bigamy"
                       (from the viewpoint of legal marriage)
                       I think the state can come after you reguardless
                       of what your wives think.
                 \_ This is precisely what polygamists do nowadays.  Only marry
                    one wife legally, and just live with the others.  It's a
                    difficult issue (there are reports of child abuse/young
                    marriages in such communities).
                     \_ As opposed to other communities where there are no
                        reports of Child abuse/young marriages?
                     \_ Get out of my life!  I don't want to "just live with
                        the others".  I have the God given right to marry who
                        I choose.
1999/11/23-24 [Computer/SW/Editors/Vi] UID:16947 Activity:nil
11/22   Need URL on vi keyboard binding. Thanks.
        \_ file:/usr/share/doc/usd/
1999/11/23-24 [Science/GlobalWarming, Recreation/Humor] UID:16948 Activity:low
11/22   <DEAD><DEAD>
        \_ Joke?
           \_ Okay, obviously there are complete and utter morons on soda.
              Apologies to the person flamed in the previous item.
              \_ Apology accepted. In today's world, I've learned not to
                 make assumptions about anything.
        \_ Does someone want to mirror this?  I can't get throught 8.-(
Berkeley CSUA MOTD:1999:November:23 Tuesday <Monday, Wednesday>