Why would a sandbox for Mail, Safari, etc. be necessary if the user isn't running these applications with root privileges? Because the aforementioned trojan uses a local root exploit to gain root privileges. Thus, sandboxing still makes sense.
Apple already does address space layout randomization in Leopard (Mac OS X 10.5). See "Library Randomization" on http://www.apple.com/macosx/features/300.html#security
Notice that the new security features list also includes code signing and sandboxing. The technology is there, it's just not set up throughout the system.
Indeed, NetInfo is probably in place since the complete /etc/passwd has a comment suggesting such at the top:
# User Database
# Note that this file is consulted when the system is running in single-user
# mode. At other times this information is handled by lookupd. By default,
# lookupd gets information from NetInfo, so this file will not be consulted
# unless you have changed lookupd's configuration.
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:XUU7aqfpey51o
unknown:*:99:99::0:0:Unknown User:/var/empty:/usr/bin/false
Same thing here on a 3rd generation PowerBook G4 with all available updates. I tried the ruby script -- it just crashed QuickTime, but no exploit.
That comparison chart was last updated in 1998. It's woefully out of date.
Mod parent down.
He's not a professor. Just trying to keep the distinction straight, since Professors have absurdly more weight on campus than anyone else (except donors or trustees :-)
Since the "at" link in the story is to a former version of my homepage (~ferguson is my dad), I think I can comment on this.
I don't know WHERE this guy is coming from, unless it's satire, in which case, it is poorly executed. Linux is quite prevalent on campus. In fact, OIT (central campus network folks) had to drop support for the public Irix cluster because of support costs, while the public Linux and Solaris clusters are chugging along just fine.
Yes, students have been using it on campus forever, but the scientists and engineers like it quite a bit too. A 1999 report by a Faculty Sub-Committee writes, "Linux is emerging as a widely-used version of Unix. At this time there are over 600 Linux systems registered at Princeton, and the number is growing rapidly. One of the advantages of Linux is that it makes it possible to take advantage of the economies of Intel-based computing and a full-featured operating system with a complete set of high quality software tools available gratis. We recommend that consideration be given to expanding the university DeSC program to include the Linux operating system as an option." [DeSC is the Desktop Systems Council, which oversees official university desktop computers.] So Slashdot crowd, remember who makes the real decisions at a private university: the tenured faculty, end of story. (NB, how many Slashdot stories have been posted about Prof. Felton and his group? They do plenty of work with OSS.)
OIT has included Linux-specific information for a couple years now in its knowledgebase, complete with setup information, network configuration & printing, mounting the campus samba servers, backing up to the central Tivoli servers, etc. etc. They've also held seminars touting the benefits of OSS for departments; I know, because I've been to them.
So Linux isn't in trouble at Princeton. Guess this oddball found a pulpit from which to buck the herd.
The new one the Prince mentions isn't Princeton's first. It's the first one that everyone on campus can use and is centrally supported. The Geology Dept and Plasma Physics Labs and maybe Astrophysics and a couple other departments already have their own Beowulf Clusters.
Many bands allow taping of their concerts and the redistribution of audience recordings. Lately, the most popular method of distributing these recordings is as .shn files which are a type of lossless audio. A two-hour show can be about 1.0 GB so that's one way to fill a lot of space quickly. You can get started at http://www.etree.org. There are many other sites out there that will allow you to download SHN shows right from their servers including, for Dave Matthews, http://www.antsmarching.org.
Actually, try renaming a local .jpg file to something silly like .foo and then opening it. It works under Mozilla/Linux and clearly it didn't rely on the extension.
Try the latest CVS release, but it was reported on the mailing list today that part of the problem is the way Q3 accesses /dev/dsp. Some optimized glibc libraries have a problem with the way Q3 does this. Try using an unoptimized glibc, newer drivers, or well, fixing the code. :)
The show will be repeated at 4 AM on Sunday 13, 1999 on Channel 13, New York for those of us that missed it. Check local listings to see if it will be repeated at that time in your area.