Security Linux News for Feb 17, 2000
Linux.com: The Linux Support Nightmare? (2000-02-17 22:40:07)
"Some feedback to a recent article on Linux.com expressed how
Linux would be a "nightmare" to support for a relatively low-level
end-user community. I see this quite differently."
The Register: Crypto must be controlled -- FBI director (2000-02-17 22:08:06)
"Freeh and his boss, US Attorney General Janet Reno, have
repeatedly called for strict crypto regulations along the lines
preferred by the British and Communist Chinese governments."
The Register: Encryption rules threaten China Win2k launch (2000-02-17 21:58:24)
"One can't help recalling how sensitive the US has historically
been over encryption export... It's only been legal for US
companies to export 128-bit encryption since 14 January, yet now
the trade reps are demanding that overseas customers buy it."
LinuxResource.org: Security on a stock linux install? (2000-02-17 21:31:23)
"The way I see it, there are too many home users trying Linux
nowadays for most every possible service to be running on a stock
NetBSD Security Advisory 2000-001: procfs (2000-02-17 20:44:14)
"The procfs filesystem makes the different resources of a
process available under the directory /proc//. One of these
resources is the memory image of the process. Reading to and
writing from this special file is restricted. However, by tricking
a setuid binary to write into this file, this restriction can be
circumvented, and the memory image of another setuid binary can be
manipulated in such a way that it will execute a shell."
NetBSD Security Advisory 1999-012: ptrace (2000-02-17 20:37:56)
"ptrace(2)'d processes can gain "kernel" privileges on vax."
InfoWorld: Microsoft issues Internet Explorer security patch [affecting Win2k version] (2000-02-17 20:20:38)
"ON THE EVE of the release of its much-delayed Windows 2000,
Microsoft on Wednesday issued a patch for a security vulnerability
in the Internet browser which is bundled with the new operating
InfoWorld: Microsoft refutes reports of 63,000 Bugs in Win2000 (2000-02-17 18:01:54)
"According to White, the memo was intended as a "motivational
statement" for the Windows development team."
Far Eastern Economic Review: China Joins Linux Bandwagon (2000-02-17 16:05:32)
"Several domestic Chinese versions of Linux, two of them backed
by government agencies, are already on the market. Linux
development was the only software project on a list of the
government's top technology priorities published last year."
LinuxPR: T. Rex Open-Source Security Suite for Linux, AIX and Solaris (2000-02-17 15:47:01)
"Provides rock-solid, bullet-proof, peer-reviewed, tested
solutions on LINUX."
Security Portal: Firewalling with IPF (2000-02-17 01:45:35)
"IPF is the standard firewall for most BSD platforms, and works
on a variety of other operating systems, such as Solaris, IRIX and
earlier versions of Linux. The main advantage (there are other
advantages too) of IPF over most run of the mill OpenSource packet
filters is that it is stateful."
New TurboLinux mailing lists (2000-02-17 01:20:05)
"I'm happy to announce three new TurboLinux mailing lists, two
security related, and on open for random discussions about