Re: [suse-security] SuSE security reputation, etc..
On Sat, 05 Aug 2000, JF wrote:
But they can only login as you the USER. They can never sniff the root password, as your "su root" password is always encrypted.
This is how I understand it. Even though the root passwd is encrypted on the box it is still sent across the wire in plain text, therefore sniffable.
Maybe you came to the thread out of sequence? What I meant was, during an SSH session, the su root password is encrypted across the wire. Pretty much the only places it is plaintext are the keyboard driver and login/pam.
But my point was that if your user password is sniffed from a POP session, then leet can sprinkle your path with trojans, which might sniff your su password and steal it.
That's all. dproc
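The message above argues that a sniffed user password lets an intruder plant trojaned commands in that user's PATH to capture the su password. As an added example (not part of the original thread), this Python check audits a PATH value for entries a non-root account controls and for password-prompting commands that would be resolved from them; the function name, finding labels and watch list are assumptions made for illustration.

```python
import os
import stat

# Commands that prompt for a password; the watch list is an assumption.
SENSITIVE = ("su", "sudo", "ssh", "passwd", "login")


def audit_path(path_value, trusted_uids=(0,)):
    """Return (kind, detail) findings for a PATH string."""
    findings = []
    resolved = set()  # commands already resolved by an earlier entry
    for entry in path_value.split(os.pathsep):
        # Empty, "." and other relative entries resolve against the cwd.
        if not os.path.isabs(entry):
            findings.append(("relative-entry", entry or "<empty>"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # nonexistent entry: nothing can be resolved from it
        # Whoever can write to the directory can drop a look-alike into it.
        loose = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        if st.st_uid not in trusted_uids or loose:
            findings.append(("untrusted-dir", entry))
        for name in SENSITIVE:
            candidate = os.path.join(entry, name)
            if name in resolved or not os.path.isfile(candidate):
                continue
            if not os.access(candidate, os.X_OK):
                continue
            resolved.add(name)  # this is the copy the shell would run
            if os.stat(candidate).st_uid not in trusted_uids:
                findings.append(("shadowed-command", candidate))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_path(os.environ.get("PATH", "")):
        print(f"{kind}: {detail}")
```

Run as the account in question, it reports the PATH entries and commands worth inspecting before the next `su`.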
Check out the May edition of SysAdmin Magazine, Crypto 101, I cover how to SSL wrap POP/IMAP and related things.
www.sysadminmag.com
Kurt Seifried
SecurityPortal, your focal point for security on the net http://www.securityportal.com/
Hi Kurt, ---- Kurt Seifried wrote:
[snip...]
Check out the May edition of SysAdmin Magazine, Crypto 101, I cover how to SSL wrap POP/IMAP and related things.
Pity that only remains a short ref to your article, on-line on "Contents: May2000" at: http://www.sysadminmag.com/archive/0905/
Very interesting your article "PAM - Pluggable Authentication Modules", great professional job you do. Better that I subscribe soon, just to not miss any!! =:`)
And what's this "sushi interest" yours??
www.sysadminmag.com
Kurt Seifried SecurityPortal, your focal point for security on the net http://www.securityportal.com/
-- Best regards, Eduardo Carriles [-- Better a smile than a flame --] (Long time SuSE-Linux [preferred distro] user). [-- Se me nota mucho? -- Notices me much?] [-- Have a lot of fun...]
I hope this is not off-topic, but.....
is there any particular reason the Cyrus imap system isn't contained in the SuSE-distribution?
Erwin
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Erwin Rennert, Center for Social Innovation Austria, Europe erwin@zsi.at
Hello Erwin,
Carsten Hoeger told me that it's the license that keeps us from including the package. Sorry.
Thanks, Roman.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
From: Erwin Rennert <erwin@argos.zsi.at>
To: Roman Drahtmueller <draht@suse.de>
Cc: suse-security@suse.com
Date: Wed, 9 Aug 2000 13:34:08 +0200 (CEST)
Subject: Re: [suse-security] cyrus imap
On Wed, 9 Aug 2000, Roman Drahtmueller wrote:
I hope this is not off-topic, but.....
is there any particular reason the Cyrus imap system isn't contained in the SuSE-distribution?
Erwin
Hello Erwin,
Carsten Hoeger told me that it's the license that keeps us from including the package. Sorry.
Thanks, Roman.
--
Hi Roman,
Well, in fact the licence has changed since version 2.x (at the end of May). I think it might be considered open source, now.
http://asg.web.cmu.edu/cyrus/imapd/license.html
I do hope you will reconsider...
Erwin
Right, the license is acceptable (for my gusto). The responsible maintainer has been notified - I can't promise anything. The package needs extensive testing before we can include it in the distribution.
Thanks! Roman Drahtmüller.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security, Nürnberg, Germany
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
Hi, Roman Drahtmueller wrote:
I hope this is not off-topic, but.....
is there any particular reason the Cyrus imap system isn't contained in the SuSE-distribution?
Erwin
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Erwin Rennert, Center for Social Innovation Austria, Europe erwin@zsi.at
Hello Erwin,
Carsten Hoeger told me that it's the license that keeps us from including the package. Sorry.
Thanks, Roman.
.. is there in the 6.4 Version or will there be in the new 7 version a product which can do the same?
What's the problem with the cyrus-license?
Regards, Werner
Hi Werner! :-)
.. is there in the 6.4 Version or will there be in the new 7 version a product which can do the same?
Usually, we only backport bugfixes for either severe or security related bugs. New packages will simply be included in the latest release of the distribution. Please note that I can't make any promises wrt cyrus imapd. While we're at it: It is not a big deal to compile the sources and thereby use an own version.
What's the problem with the cyrus-license?
It was too restrictive in terms of the reselling clauses. You needed a commercial license for that.
Regards, Werner
Regards, Roman Drahtmüller.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security, Nürnberg, Germany
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
participants (6): dproc@dol.net, Eduardo Carriles, Erwin Rennert, Kurt Seifried, Roman Drahtmueller, Werner Ginzky