Kernel Vulnerabilities, Text Chat, Custom Error Pages, and Chroot Magicby chromatic
Linux Newsletter for 02/18/2003
Welcome to a President's Day-delayed version of the Linux newsletter. (For those of you not in the United States, that means "Three-Day Weekend".) Here's a recap of ONLamp and Linux articles this past week.
First up, Noel Davis has another Security Alerts column. This time, there's a potential filesystem corruption bug in Linux kernels 2.4.10 through 2.4.18. (On the other hand, it looks like there may be a 2.4.21 soon.) Other vulnerabilities cover Kerberos, Spam Assassin, and Window Maker.
Relative newcomer Robert Bernier is taking a trip through some of the forgotten areas of sysadmin lore. Rather than submit to monolithic, all-in-one packages, he wants to solve problems in a Unixy fashion. His first attempt is Secure Chat with YTalk and SSH. (An astute reader points out that there's still quite a bit of trust going on. Good to remember.)
Speaking of trust (and reusing a segue from last week), the perpetually smart Emmanuel Dreyfus returns with the second half of his article on chrooting
ntpd. This week, he explains the magic NetBSD added to libc to make this possible. Not everyone thinks this approach is the right one, but there are a lot of advantages to this idea. What did the NetBSD team decide? Read and find out.
Part of the fun of programming is making Easter Eggs. What better place than in an error message? While your editor would never suggest venting your frustration by calling users unpleasant names, he does like creativity. David Sklar, "PHP Cookbook" coauthor, offers Custom Error Pages with PHP and Apache, a guide to handling missing pages graciously--or at least, with wit. (Your author suggests haiku.)
To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit https://epoch.oreilly.com/account/default.orm and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).
To change your newsletter subscription options, please visit https://epoch.oreilly.com/account/default.orm and click the"Manage My Newsletters" link. For assistance, send email to
The next two weeks are already starting to take shape. In particular, look for a FreeSCI developer interview, an analysis of Linux and Wall Street, and a look at SimPy. (You might also find Tim O'Reilly's latest weblog thought-provoking: The Human Face of Microsoft, in which he argues that getting to know thoughtful, intelligent, and decent human beings makes it harder to demonize their organization.)
Until next Monday,
ONLamp.com and Linux DevCenter Top Five Articles Last Week
Linux Kernel Problems
Noel Davis looks at problems in the Linux kernel, Kerberos, dchp3, the Blade encoder, WebSphere Advanced Server, SpamAssasin, OpenBSD's chpass, Red Hat Linux 8.0's kernel-utils package, w3m, Window Maker, and HPUX's wall.
Creating Your Own CA
Rob Flickenger, author of O'Reilly's recently released Linux Server Hacks, shows you how to establish your own SSL Certificate Authority using OpenSSL and a utility called CA.pl.
You've replaced telnet with ssh. You've instituted password- checking utilities, and you rotate passwords monthly. Still feeling paranoid? Dru Lavigne's got the answer -- one time passwords. This alternate authentication method for FreeBSD means your security won't be jeopardized even if someone sniffs your password.
Custom Error Pages with PHP and Apache
Turn your "Page Not Found", or "404" messages into more than just bland error reports. Serve an alternate page based on the name of the page that was not found, create a page on the fly from a database, or send an email about the not-found page to a webmaster. David Sklar, coauthor of PHP Cookbook, shows you how, using PHP and Apache.
Speeding up Linux Using hdparm
Instantly double the I/O performance of your disks or, in some cases, show 6 to 10 times your existing throughput!
Return to the list of Linux Newsletters.
Return to the Linux DevCenter.