Slashdot Mirror


User: pr0ntab

pr0ntab's activity in the archive.

Stories: 0
Comments: 571

Comments · 571

  1. This is not just ext2/3 on XFS Merged into Linux 2.4 · · Score: 1

    UFS on Solaris can also be bitten by the same bug. :-(

    You should always remount ro if possible before backing up; otherwise make a FS snapshot of the disc after syncing to ensure nothing changes underneath.

    If you can't get sane access to the block device, not all is lost. The dangers of operating the dump utility at the device level don't always result in problems in that dump operates conservatively when scanning directories, etc. A common scenario is when a file is opened for writing between the time you read its inode and the time you attempt to extract n blocks from it. In a simple case, this is okay since the copy of the blocks you pulled from the stat structure are probably still valid for the old copy of the file; any new blocks written are not likely to reuse the old blocks unless the filesystem is close to full. Backing up a file that is currently being accessed R/W is not advised, however. Quiesce any databases if you value them.

    It's better than nothing. If you run the dumps often enough, you can recover from one bad one by merging in the missing directories from a previous one. I've never had to do this in the past, though, maybe I've been lucky. :-)

  2. POST, REFERRER, Sendmail. on Spamholes Fighting Spammers · · Score: 1

    a) It is 100% likely that whoever wrote this CGI banger was just crafting a POST request and sending it... and that's it. No amount of checking environment variables or what have you can catch that, as the entire transmission can be faked by watching what a real web browser would send (including session cookies).

    b) Thus, the only way to prevent formmail from being abused is to make sure that the form fields are treated as completely hostile, and the email is recrafted explicitly to contain it. If you are expecting UTF-8 input on your fields, you should ensure you use a MIME-multipart mail format and set the appropriate encodings to prevent misinterpretation/errors in the client (cough Outlook cough). Otherwise make it all US-ASCII and strip out control characters or ones with special meaning from each form field.

    c) Log. Log everything. Make the script rate limit itself too... there's always the possibility of DoS.
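
Points (b) and (c) of the comment above, as an added Python sketch that is not part of the original comment or of any formmail script: the message is rebuilt from scratch with fixed headers, every field is stripped of control characters, the body carries an explicit UTF-8 MIME charset (single-part here rather than multipart), and submissions are logged and rate limited per client. The addresses, field names and limits are assumptions.

```python
import logging
import re
from email.message import EmailMessage
from email.policy import SMTP

log = logging.getLogger("formmail")

# Assumption: sender and recipient are fixed in the script, never read from the form.
SENDER = "formmail@example.org"
RECIPIENT = "webmaster@example.org"

HEADER_CTRL = re.compile(r"[\x00-\x1f\x7f]")         # every control char, CR/LF included
BODY_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # keep only tab and LF

def clean_header(value, limit=150):
    """Collapse control characters so a field cannot start a new header line."""
    return HEADER_CTRL.sub(" ", str(value))[:limit].strip()

def clean_body(value, limit=4000):
    """Normalise line endings, drop remaining control characters, cap the length."""
    value = str(value).replace("\r\n", "\n")
    return BODY_CTRL.sub("", value)[:limit]

class RateLimiter:
    """Allow at most max_hits submissions per key (client IP) per window seconds."""
    def __init__(self, max_hits=3, window=60.0):
        self.max_hits, self.window, self.hits = max_hits, window, {}

    def allow(self, key, now):
        recent = [t for t in self.hits.get(key, []) if now - t < self.window]
        ok = len(recent) < self.max_hits
        self.hits[key] = recent + [now] if ok else recent
        return ok

def build_mail(form, client_ip, limiter, now):
    """Return a freshly built message, or None when the client is over its limit."""
    if not limiter.allow(client_ip, now):
        log.warning("rate limit hit ip=%s", client_ip)
        return None
    msg = EmailMessage(policy=SMTP)
    msg["From"], msg["To"] = SENDER, RECIPIENT
    msg["Subject"] = "[form] " + clean_header(form.get("subject", ""))
    # Visitor-supplied name and address go in the body only, never into headers.
    body = "Name: {}\nReply to: {}\n\n{}\n".format(
        clean_header(form.get("name", "")),
        clean_header(form.get("email", "")),
        clean_body(form.get("message", "")))
    msg.set_content(body, charset="utf-8")  # explicit MIME charset for the client
    log.info("accepted ip=%s fields=%r", client_ip, sorted(form))
    return msg
```
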

  3. Okay. Sure. But can I pay with my karma? on Give the Gift of Slashdot · · Score: 1

    n/t

  4. Completely OT, but... on Andreessen Interview Discusses Post-Crash Innovation · · Score: -1, Offtopic

    Max Blackrabbit is THE BOMB. The only man allowed to depict Sabrina et al. in compromising positions without incurring the wrath of Eric Schwartz (a.k.a. the endangered Amiga user).

    Mad propz.

  5. I was questioning the low IQ in the discussion... on RSA-576 Factored · · Score: 1

    not the number factoring methods. I was speculating that most of the posters had no way of intelligently commenting on the story, as significant as it once. Thanks for the links, though.

  6. That logic is backwards... on Sun to Offer Support for OpenOffice.org · · Score: 1

    since most software get-ups are very poor about the quality of their "support", unless it's tiered and you select the most expensive plan, which essentially gets you a line to the desk phone of the development team.

    No... the logic is that the company will never pay for support because they'll be wasting their money if they did pay for it. But it's a good safety net to appease any naive decision maker who hasn't actually called up the support staff before in their life, and feels they need some level of assurance.

    (I'm not saying this is universally true of all software vendors, but generally true. If you work in IT, you can name the ones you'd actually want to deal with on the phone, so it's an informed decision there)

  7. Is it me, or is this story... on RSA-576 Factored · · Score: 1, Offtopic

    attracting only comments from old troll accounts?

    No one knows anything about how you go about factoring huge composite numbers, or can read German, or even knows the difference between breaking RSA-576 and breaking RC5-72.

    So all that's left are people trying to find clever ways of linking to the prime number shitting goatse, and a surprising dearth of posts by abandoned troll accounts.

    Care to explain?

  8. ...Best Buy has some kind of stake in the music... on Thoughts on the New Crop of Ogg Aware Players? · · Score: 1

    Yeah, they sell CDs

    I'm sure WalMart has taken a similar position. Not much MP3 capable stuff there either.

  9. YOU MODDED YOUR SB16??? on Thoughts on the New Crop of Ogg Aware Players? · · Score: 1

    I could post about 20 lines of AOL-speak and understate how cool that is. Please, post photos!

    That is a MUCH more interesting topic than the rest of this thread. (sorry, guys)

  10. Fedora may be test-ware... but so was on Interview with Jeremy Hogan of Red Hat · · Score: 1

    RH 7.0 and 8.0.

    I don't see the issue. Just wait until the updates to Fedora warrant 1.1, then try it. How is this any different than the past way of doing things?

  11. automake is not required to use ./configure on Debugging Configure · · Score: 1

    unless the configure script is senile and bootstraps itself from YOUR local autoconf (which is just programmer laziness).

    Tell the maintainer of your troubles... it needs to be fixed.

    autoconf/automake are self-contained, and should only need to be used for building your own configure scripts, or for setting up packages from CVS.

  12. Even more sidetalking (mod down other, typo) on Mame on the Nokia N-Gage · · Score: 1
  13. Even more sidetalkin' on Mame on the Nokia N-Gage · · Score: 1

    More sidetalkin'

  14. My money's on the shifty-eyed dog with the... on New rsync Released to Fix Vulnerability · · Score: 1

    SCO nametag.

  15. Re:My money's on misconfigured sendmail installati on Slashback: Matrix, Terminology, Topology · · Score: 2

    Also, I find it curious that you claim the majority of Linux servers which are doing the spam are 'compromised' systems. That would basically make MS machines the safest ones on the net, if we go by the article's statistics...
    That is assuming that the crackability of any particular linux system running vs. a windows system is somehow dependent on the likelihood of any particular instance of that OS running a mail server. I will go out on a limb and claim that linux boxes visible to the Internet are 100 times more likely to have a mailer installed than a Windows box will have a copy of Exchange.
    The statistic makes it look like swiss cheese, but I think it's because the people looking for a relay host are targeting linux boxes (and the other 52%) specifically so they have a higher chance of success of it being nearly ready to go after the breach.

  16. Thank god. on GameSpy And IGN To Merge · · Score: 2, Funny

    That's one less domain I have to maintain in my spam/ad-filtering regexes.

  17. My money's on misconfigured sendmail installations on Slashback: Matrix, Terminology, Topology · · Score: 4, Interesting

    to be the explanation for the 43% of upstream spam sources. You have people installing older versions of Linux with everything enabled, then bungling the configuration turning it into a mail relay. For a person new to configuring sendmail, postfix, qmail, or whatever, you sort of enter a discovery phase where you make changes to the conf files, restart it, and see if you can send mail yet.
    And you stop, pat yourself on the back, and don't change anything when it starts working. But what if the change that got it to work was, well, relay for all? Whoops.

    Then there's the unpatched systems that get r00ted and turned into spam zombies.

    I don't think the spammers are installing linux that much. (At least not the BIG ones, and they may be knowledgeable/paranoid enough to go with OpenBSD or something) The majority probably got some Alienware rig bought off a stolen CC, running a cracked 2003 server. It's just that they offload the mail to some other cracked Unix host to do the work. That doesn't surprise me.

  18. there IS video editing for Linux... on The Most Incorrect Assumptions In Computing? · · Score: 1

    in the form of Cinelerra. But it is even less intuitive to a beginner than Premiere, which is a far cry from the ease-of-use of iMovie or what have you.

    That being said, Cinelerra is a BEAST. And free. It's a shame it's not getting the attention it deserves.

    There is also gstreamer + transcode, and LiVES (which is rough around the edges but has the right idea), and the slick JahShaka.

  19. I was kinda thrown off by how the author- on How to Misunderstand Open Source · · Score: 1

    didn't like the free puppy allegory.
    Because it's quite apt!

    Linux is like a free puppy, they're wonderful: if you're a dog lover. You don't have to spend money or time on it if you don't want to, feeding it scraps and ignoring it. But that will make the dog "unruly".

    But when pets are not allowed in the building, or you have no free time or can't afford a vet, an Aibo or Chia Pet is fine.

    And for some tough jobs, nothing beats a border collie or German shepherd...

  20. You forgot to mention BSD is dying. on How to Misunderstand Open Source · · Score: 0, Offtopic

    n/t

    (sarcasm, you nitwits)

  21. For AC: A slashdot guide to modding down HARD. on Nine Crazy Ideas in Science · · Score: 1

    It's quite simple. Recall the mental state and muscle memory used to hang up on a telemarketer (especially the pre-recorded variety).

    Replace the requisite eyeroll with the swift SELECT drop-down drag to "-1: Troll". Then replace the handset slam with the furious, repeated left-click on the Moderate button at the bottom of the thread.

    You showed them!

  22. No. Sheetrock is an Intelligent Design troll. on Nine Crazy Ideas in Science · · Score: 1

    Check his posting history, in particular w.r.t. science.slashdot.org. This is the third time in recent memory he has posted the EXACT same 2 paragraph explanation as to why ID should be considered.

    He posts relatively normally the rest of the time, gaining karma to continue posting this at +2 whenever possible. Slashbot Manipulation at its finest (for fun, agenda, or profit).

    Mod down. Mod down HARD.

  23. Troll, please pay no heed. on Nine Crazy Ideas in Science · · Score: 1

    This guy seems to just post this diatribe whenever he gets a chance. I am of the mind to say: moderate this guy down ALWAYS. All he does is use his karma to post this at +2 at his earliest convenience.

    (Yes, I was at one time the slashdot user "YOU ARE SUCH A FAG!")

    Burn in hell.

  24. Maybe I don't understand the patch, because in on Kernel Exploit Cause Of Debian Compromise · · Score: 1

    mm/memory.c, (in an older 2.4.20 kernel), we have:

        ...int make_pages_present(long, long)... ...
        if (addr >= end)
            BUG();
        if (end > vma->vm_end)
            BUG();

    Which is called in do_mmap as:

        make_pages_present(addr, addr+len);

    So if a very large len is supposed to overflow and wrap around, what good does that do if it causes the kernel to panic?

    Is it a specific value of len > the possible address space of a user process that gets it to kernel memory? Above 3GB or something?

  25. Databases? on On The Death Of Unix · · Score: 2, Insightful

    Solaris.
    Backup Farm (with the 15000 tape robot and 2TB on FC-AL)?
    Solaris
    Visualization Cluster?
    IRIX