The debian-private mailing list leak, part 1.


Re: Security bugfix for Samba (fwd)



Michael Meskes writes:
> Since I do have severe time constraints myself I would prefer to give
> away sambades, too. Eloy, how's your time situation?
> 
> Andrew, here's my todo list for a samba package. What do you think?
> 
> 1) Add a /etc/init.d startup script. IMO file servers should be run as
> daemons.

Yeah I agree, however does samba have any method of not allowing
certain hosts to connect to the daemon if it's running as a daemon?
That's what I liked about running it via inetd, the extra security of
running it through tcpd. The security hole fixed in p2 was a problem
but not as serious if you denied access to people outside your own users.

> 2) Add /etc/lmhosts as config file.
> 3) Make both packages from the same source tree. Since the only
> differences are some flags in the Makefile that shouldn't be a problem.
> Also when I try to compile and link samba with DES on my system I get a
> binary dynamically linked against libcrypto (from SSLeay). Since the
> library is not included there shouldn't be a problem uploading this
> package to the US based master site.
> 
> However, what I'd like most is one package configurable to do DES or to
> not do DES. But that would mean creating a dummy crypto library for
> those who can't use the correct one.

Yes this is a very good idea.

> P.S.: The non-maintainer upload fixed several bugs. Do we have to close
> them? In particular 13388 and 8282 got fixed by simply using a new
> upstream version.

Yeah they should be closed. Let's see who is going to be the new maintainer
and let him close them  :)

Andrew

-- 
Dehydration - 34%, Recollection of previous evening - 2%, embarrassment
factor - 91%.  Advise repair schedule:- off line for 36 hours, re-boot
startup disk, and replace head - wow, what a night!
                -- Kryten in Red Dwarf `The Last Day'

Andrew Howell
Perth, Western Australia			       andrew@it.net.au

