
KLUG Meeting notes -- April 14, 1998




Attending: Chris Gidman, Chris Chio, Rick Knowlton, Scott Yellig, Bruce Smith,
           Adam Williams, Robert Brown, Steve Scherbinski

The meeting got underway about 6:25 PM.

Chris Gidman played the NPR segment about Linux, which aired on 4/8/97,
with such people interviewed as Donald Becker, Richard Stallman, Linus
Torvalds, and others.

Rick Knowlton brought in application forms from the Kalamazoo Public Library,
for us to meet there.  Several copies were made and distributed.

A good deal of discussion followed on a variety of topics, from the
popularity of Linux to the use of KPL space instead of PNU.  We can only meet
there 12 times a year.

Milk (from Bob), and Brownies (From Adam) were passed around, as the first 
part of the meeting wound down...

Part II consisted of the announced talk by Bruce Smith, specifically on a 
security "wrapper" for X-Windows, which is currently shipping with XFree86.

A little background here... There is frequent reference to a "setuid" bit,
and an explanation may be in order....

This bit is one of the access bits that can be set with the chmod command.
If one sets it...

chmod +s filename

then, when the file is executed, it runs with the identity of the file's
owner rather than that of the user who executed it.  Now, suppose the owner
of the file is root... that means that when a typical user executes it, the
program runs as if that user were the root user... providing system access
and everything that implies.

Not a good thing.

Anyway, the idea is that all the X-Window servers were running as root, which
(due to other things) opened up a security hole that could be exploited by
some not pure of heart. The solution? Build a "server-wrapper" (called, in
fact, server-wrapper) which runs with the suid bit set, and in turn runs the
X-server, which no longer itself runs as root.
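
As an added illustration (not part of Bruce's presentation or of XFree86), this Python sketch shows how to check which files in a directory tree carry the setuid bit described above and whether executing them would grant root's identity. The function names and the scratch files it creates are constructed for the example.

```python
import os
import stat
import tempfile


def setuid_report(path):
    """Return the permission facts that decide whose identity `path` runs with."""
    st = os.lstat(path)  # lstat: report on a symlink itself, not its target
    mode = st.st_mode
    is_setuid = stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return {
        "path": path,
        "mode": stat.filemode(mode),  # e.g. -rwsr-xr-x, where "s" marks setuid
        "owner_uid": st.st_uid,
        "setuid": is_setuid,
        # Any user allowed to execute the file gets the owner's effective UID;
        # when the owner is UID 0 that means root.
        "runs_as_root": is_setuid and executable and st.st_uid == 0,
        # Group/other write permission on a setuid file is worth flagging.
        "writable_by_others": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def audit_tree(root):
    """Walk `root` and return a report for every setuid regular file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            report = setuid_report(os.path.join(dirpath, name))
            if report["setuid"]:
                findings.append(report)
    return sorted(findings, key=lambda r: r["path"])


if __name__ == "__main__":
    # Constructed sample: two empty files in a scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        plain = os.path.join(scratch, "plain-tool")
        wrapper = os.path.join(scratch, "demo-wrapper")  # hypothetical name
        for p in (plain, wrapper):
            open(p, "w").close()
        os.chmod(plain, 0o755)
        os.chmod(wrapper, 0o4755)  # same effect as chmod u+s on a 755 file
        for r in audit_tree(scratch):
            print(r["mode"], r["owner_uid"], r["runs_as_root"], r["path"])
```

Pointing audit_tree at a real directory such as /usr/bin lists every setuid program installed there, which is the inventory to review when deciding what should be allowed to run as root.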

Bruce then showed how to install this on your system in case you want to
keep your system secure.  You can find the specifics on our website....

    http://klug.armintl.com

Look under meetings, then past presentations.

The Q&A period that came from this presentation really brought us to part III
of the meeting, which turned into a general discussion about system security,
the Internet Daemon (inetd), and related issues.  Rick Knowlton and Chris
Gidman were both helpful, since as relative networking newbies they kept the
discussion moving along to different topics and made sure others were
presenting some of this in ways everyone present understood clearly.  We got
into some areas such as running server programs independent of inetd, and
setting up your own socket-based task to act as a server.

The meeting broke up at 9:00 PM.

Our next meeting will be a first official business meeting, with Adam Williams 
talking about what it takes to have your Very Own Domain.


This is also my last week presenting the Meeting Notes, and I would like
someone else to step forward and take this task, at least for a time.