Thanks to all of you for contributing to this list and especially to the SuSE team for producing one of the world's finest Linux distributions :-) * keep up the good work * Merry Xmas and a happy new year Chris Burri Synecta Informatik AG Zwinglistrasse 3 9000 St. Gallen SWITZERLAND .-. /v\ L I N U X // \\ >I know KungFu!!< /( )\ ^^-^^
Thanks to all of you for contributing to this list and especially to the SuSE team for producing one of the world's finest Linux distributions :-)
* keep up the good work *
Thank you! Concerning the rumours about downtime of SuSE web- and ftp servers: Yes, we moved offices inside Nürnberg and used the xmas break for a maintenance break. We are back to live, though, and the interruptions shouldn't have lasted more than a few minutes.
Merry Xmas and a happy new year
I'm firing up the glibc announcement shortly. Busy days... Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
Hi all, merry xmas to one and all. Suse 7.3 apache 1.3.20 default user = wwwrun:nogroup security basics questions : does this user have a default password ? and if i passwd it will the webserver still run ? is this default password exploitable ? thanks in advance andre
At 11:01 PM 12/24/2001 +0200, you wrote:
Hi all,
merry xmas to one and all.
Suse 7.3 apache 1.3.20 default user = wwwrun:nogroup
security basics questions :
does this user have a default password ?
No, neither to most other "system" users like "nobody"
and if i passwd it will the webserver still run ?
Yes, but I don't know why you'd do that... it would make more sense to make the htdocs group-writable and chgrp them to "htmleditors" or some other group you create for htdoc editing (or you can just make the accounts used by editors part of the "nogroup" group).
is this default password exploitable ?
No, it's not a password. a * in the password field (in /etc/shadow) acts as a lock-out
thanks in advance
andre
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com
I have no idea what happened, could this be some sort of exploit ? Memory problem ? HD bad blocks ? This produced about 15000 lines of log entries (started day 24 and ended when someone rebooted the machine about 30 minutes ago). Should I be worried ? I'm running SuSE 7.3 pro, apache is 1.3.20 and php 4.0.6 Here's the log entry: Code: 8b 44 81 18 89 41 14 03 59 0c 83 f8 ff 75 23 8b 41 04 8b 11 <1>Unable to handle kernel paging request at virtual address c82eb62c printing eip: c012ab11 *pde = 00000000 Oops: 0000 CPU: 0 EIP: 0010:[kmem_cache_alloc+113/204] EFLAGS: 00010803 eax: 00b9016d ebx: 7202da00 ecx: c54ab060 edx: c4df0ae0 esi: c11fd1a0 edi: 00000246 ebp: 000001f0 esp: c59a3ed0 ds: 0018 es: 0018 ss: 0018 Process httpd (pid: 30662, stackpage=c59a3000) Stack: 00000004 c3c75850 00000000 bffffafc c0146435 c11fd1a0 000001f0 00000004 c01ed32a 00000004 c01edead 00000004 08094bd0 00000000 bffffb1c 401d54a0 ffffffe8 c59a2000 00000004 c011342c bffffb1c c2899f00 c2899180 c06b0ac0 Call Trace: [get_empty_inode+17/136] [sock_alloc+6/176] [sys_accept+61/252] [do_page_fault+0/1412] [unmap_fixup+274/300] [unmap_fixup+283/300] [do_brk+285/512] [sys_rt_sigaction+159/272] [sys_socketcall+180/512] [error_code+52/64] [system_call+51/64] Thanks in advance for your time ! :) Francisco Costa
Hi! Sounds like a memory problem. Run memtest-86 which is available on lilo startup menu. Greets, Boris. -----Ursprungliche Nachricht----- Von: Francisco Costa [mailto:fgcosta@ccj.ufsc.br] Gesendet: Mittwoch, 26. Dezember 2001 17:50 An: suse-security@suse.com Cc: suse-security@suse.com Betreff: [suse-security] apache gone crazy ? I have no idea what happened, could this be some sort of exploit ? Memory problem ? HD bad blocks ? This produced about 15000 lines of log entries (started day 24 and ended when someone rebooted the machine about 30 minutes ago). Should I be worried ? I'm running SuSE 7.3 pro, apache is 1.3.20 and php 4.0.6 Here's the log entry: Code: 8b 44 81 18 89 41 14 03 59 0c 83 f8 ff 75 23 8b 41 04 8b 11 <1>Unable to handle kernel paging request at virtual address c82eb62c printing eip: c012ab11 *pde = 00000000 Oops: 0000 CPU: 0 EIP: 0010:[kmem_cache_alloc+113/204] EFLAGS: 00010803 eax: 00b9016d ebx: 7202da00 ecx: c54ab060 edx: c4df0ae0 esi: c11fd1a0 edi: 00000246 ebp: 000001f0 esp: c59a3ed0 ds: 0018 es: 0018 ss: 0018 Process httpd (pid: 30662, stackpage=c59a3000) Stack: 00000004 c3c75850 00000000 bffffafc c0146435 c11fd1a0 000001f0 00000004 c01ed32a 00000004 c01edead 00000004 08094bd0 00000000 bffffb1c 401d54a0 ffffffe8 c59a2000 00000004 c011342c bffffb1c c2899f00 c2899180 c06b0ac0 Call Trace: [get_empty_inode+17/136] [sock_alloc+6/176] [sys_accept+61/252] [do_page_fault+0/1412] [unmap_fixup+274/300] [unmap_fixup+283/300] [do_brk+285/512] [sys_rt_sigaction+159/272] [sys_socketcall+180/512] [error_code+52/64] [system_call+51/64] Thanks in advance for your time ! :) Francisco Costa -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (6)
-
andre@do -
Boris Kantwerk -
christian.burri@synecta.ch -
Francisco Costa -
JW -
Roman Drahtmueller