Bayesian Filtering, chroot, Systrace, and the Slammer
by chromatic
Linux Newsletter for 02/03/2003
Welcome to the first Linux newsletter of February. (There's no truth to the rumor that if Linus saw his shadow yesterday, there would be six more weeks of code freeze before 2.6 prereleases.) Here are the new articles this week on ONLamp.com:
Probability and math have been popular among the anti-spam folks this past year, and no idea has been hotter than that of Bayesian filtering. By analyzing known good versus known spam messages, it's possible to tailor a filter that can predict the classification of a message with amazing accuracy. That's nice, but where does it leave the non-math geeks? Fortunately, Oktay Altunergil explains how to install a Bayesian filtering package called bogofilter. He also shows how to use it with the powerful and fast Sylpheed-claws email client. Read more in Bayesian Filtering with bogofilter and Sylpheed Claws.
Perhaps the most commonly exploited security flaw (at least from a programming standpoint--social engineering is alive and well) is the shameful buffer overflow. While there are ways to avoid this flaw, the sheer amount of useful code that has yet to be audited is overwhelming. Fortunately, there are techniques to minimize the damage even if a program can be exploited. Emmanuel Dreyfus takes a break from emulating other operating systems on NetBSD to explain chroot Jails.
Speaking of security flaws, Noel Davis' latest Security Alerts points to remote holes in CVS and dhcp, among other applications. If this is news to you, read this article first!
Michael Lucas, the intrepid BSD columnist, returns this week with an interesting take on security. Recent developments in the BSDs make it possible not only to trace the system calls that applications make, but to allow or deny them based on all sorts of criteria. If you're not sufficiently paranoid yet, read more in Systrace Policies. Part two will be published soon.
Also, Iljitsch van Beijnum, still the author of BGP, has written a short personal account of his Network Impact of the MS SQL Worm. It's interesting--and more than a little frustrating--that with Code Red, SQL Slammer, and Nimda, customers who use Microsoft software but don't keep up to date with patches and security are causing so much trouble to the rest of the Internet.
To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit https://epoch.oreilly.com/account/default.orm and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).
To change your newsletter subscription options, please visit https://epoch.oreilly.com/account/default.orm and click the "Manage My Newsletters" link. For assistance, send email to
Betsy Waliszewski, fabulous Linux marketing person, has announced the winners of the LinuxWorld drawing. They are:
- Victor Arriola, of Merrill Lynch
- Lance Raymond, of Austin Travel
- Immaculata Cernohous, of Mayo Foundation
- Mattias Pettersson, of Mate Solutions (Media Application Technologies & Edutainment)
- Allen Todd, of SIG
Finally, there's still time to get your proposals in for OSCON 2003. You have 12 days.
Until next week,
ONLamp.com and Linux DevCenter Top Five Articles Last Week
Network Impact of the MS SQL Worm
Iljitsch van Beijnum, the author of BGP and a network manager, describes how he dealt with the MS SQL worm attack.
NetBSD and OpenBSD have an interesting new system policy manager called systrace. With the proper policies, system administrators can control which system calls can be made and how. Michael Lucas explains how this works and how to understand -- and write -- a good policy file.
Noel Davis looks at problems in Concurrent Versions System (CVS), DHCP, slocate, Vim, Linux printer drivers, susehelp, fnord, mpg123, Astaro Security Linux firewall, and phpLinks.
Odds and Ends
The end of year holidays bring a chance to reconnect with friends, family, and Unix. At least, they do in Dru Lavigne's household. The FreeBSD columnist shares a few odds and ends on getting to know Unix better.
Securing Systems with chroot
Recently, support was added to the NetBSD Operating System to run the Network Time Protocol Daemon (ntpd) under an unprivileged user ID in a chroot jail. In the first of two articles, Emmanuel Dreyfus explains buffer overflows -- a typical Unix security flaw -- then explains a chroot jail and the motivation for running a program in it.