View previous topic :: View next topic |
Author |
Message |
SilentShadow n00b
Joined: 25 Oct 2004 Posts: 36 Location: Italia
|
Posted: Wed Feb 23, 2005 3:28 pm Post subject: |
|
|
thanks,
so I need a user log-on to have the file decrypted?
I try you explain better my problem.
I'm new in a software house tha have a software based on php and postgres.
They newer think about the security of their sources so now I try to figure out how to protect the code.
The big issue with the crypt of partition or folder is the boot password.
I can't give the password to customers because with the password they are able to read the code, and also I can't run to the customers any time the machine reboot to write the password at the console.
I Think you solution don't resolve my personal problem, I have just scheduled to try as soon as is possible..... my laptoop need a litle bit of security too.
Thank Dario |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Wed Feb 23, 2005 4:03 pm Post subject: |
|
|
SilentShadow wrote: | so I need a user log-on to have the file decrypted? |
So you want encryption that doesn't need any password, dongle, biometric and so on? Sorry, but that's just impossible. After all, there must be "something" that gives you (i.e. your company) and nobody else access to the data. This doesn't have to be a password, but it should be clear that some kind of authentication is necessary.
In any case, if you're really worried about your data, you'll also have to consider the possibility that your customer boots a LiveCD and modifies the system to log the password. This is far from impossible. The only way to guarantee the security of your data would be to never again mount the partition or to do a complete audit of the machine before mounting.
If you don't trust your customers, don't do business with them. |
|
Back to top |
|
|
SilentShadow n00b
Joined: 25 Oct 2004 Posts: 36 Location: Italia
|
|
Back to top |
|
|
linux_girl Apprentice
Joined: 12 Sep 2003 Posts: 287
|
Posted: Wed Feb 23, 2005 7:12 pm Post subject: |
|
|
hehehe i found more usefull to encrypt the /home :
Code: |
.:[Managing 0/82 jobs.] [CPU Load: 0.24 Uptime: 0h13m]:.
.:[8 files using 1,1M] [root@localhost ~]:.
.:[21:09:35]:. $ cat /etc/conf.d/local.start
# /etc/conf.d/local.start:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/local.start,v 1.4 2002/11/18 19:39:22 azarah Exp $
# This is a good place to load any misc.
# programs on startup ( 1>&2 )
cryptsetup -c aes create home /dev/hdb1
mount /dev/mapper/home /home
|
Code: |
.:[Managing 0/82 jobs.] [CPU Load: 0.24 Uptime: 0h13m]:.
.:[8 files using 1,1M] [root@HackXoR ~]:.
.:[21:09:36]:. $ cat /etc/conf.d/local.stop
# /etc/conf.d/local.stop:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/local.stop,v 1.4 2002/11/18 19:39:22 azarah Exp $
# This is a good place to unload any misc.
# programs you started above.
# For example, if you are using OSS and have
# "/usr/local/bin/soundon" above, put
# "/usr/local/bin/soundoff" here.
/etc/init.d/mldonkey stop
umount /home/john/nfs && echo nfs unmounted
umount /home &&echo HOME unmounted
|
i plan to make a SUID c prog that use system(2): && MODE xscrensaver src to umount it when i am idle for more safty to store ultra important info
in any case the RIA : wont be able to uncrypte my /home to find /home/p2p/.mldonkey/incoming/*.mp3 and my users files
Code: |
.:[Managing 0/81 jobs.] [CPU Load: 0.62 Uptime: 0h15m]:.
.:[53 files using 746k] [root@localhost /home/john/bin]:.
.:[21:11:54]:. $ cat secmount
#!/bin/bash
su -c 'cd ~john; /sbin/losetup /dev/loop2 /home/john/secret;/bin/cryptsetup create secret /dev/loop2;mount /dev/mapper/secret /home/john/nfs;mount -o,remount exec ~john/nfs/'
|
Code: |
.:[Managing 0/81 jobs.] [CPU Load: 0.57 Uptime: 0h15m]:.
.:[53 files using 746k] [root@localhost /home/john/bin]:.
.:[21:11:59]:. $ cat secumount
su -c 'umount /home/john/nfs;cryptsetup remove secret;/sbin/losetup -d /dev/loop2'
|
_________________
Last edited by linux_girl on Fri Dec 15, 2006 3:08 am; edited 1 time in total |
|
Back to top |
|
|
ian! Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Fri Mar 04, 2005 1:03 pm Post subject: |
|
|
Nice How-To. I had to put some umount-foo into my local.stop so that the loop will be umounted when shutting down when the loop was mounted via kdm before.
/etc/conf.d/local.stop:
Code: | /bin/umount /home/<foo> && echo "/home/<foo> unmounted"
/bin/cryptsetup remove /dev/mapper/<bar> && echo "/dev/mapper/<bar> removed"
/sbin/losetup -d /dev/loop<number> && echo "loopdevice removed" |
_________________ "To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
Back to top |
|
|
yem n00b
Joined: 05 Nov 2002 Posts: 63 Location: Aotearoa
|
Posted: Fri Mar 11, 2005 10:53 am Post subject: |
|
|
Great HOWTO! _b Hopefully pam_mount will make it into portage soon.
A couple of points:
1) Where it says that you can theoretically login now and try creating/deleting files. Might be worth noting that you need to chown the mount point to the user after it is mounted. Confused me for a few minutes because the mountpoint changed ownership to root:root when mounted.
2) | (cd /home/frodo2; tar xpf -) could be written more clearly as | tar -xpf - -C /home/frodo2
3) If you use a login manager (guessing most people do - particularly on laptops) you need to add the auth/session lines to /etc/pam.d/{xdm,gdm,kdm}. /etc/pam.d/login is not sufficient.
Did you find anything more about using journalled filesystems on dm-crypted block devices? I have the backing file stored on an ext3 partition, but its not the same. Quick google didn't turn anything up. |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Sat Mar 12, 2005 12:23 am Post subject: |
|
|
Thanks!
ian! wrote: | I had to put some umount-foo into my local.stop so that the loop will be umounted when shutting down when the loop was mounted via kdm before. |
Yes, I should have added some lines about that problem. In fact there are still some processes left when you leave KDE, but only for a few ms. Adding a one second sleep to umount.crypt solves this problem. This should be more elegant. |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Sat Mar 12, 2005 12:41 am Post subject: |
|
|
yem wrote: | 1) Where it says that you can theoretically login now and try creating/deleting files. Might be worth noting that you need to chown the mount point to the user after it is mounted. Confused me for a few minutes because the mountpoint changed ownership to root:root when mounted. |
I think if you follow the guide this is taken care of
(Have a closer look at the code in section 5.)
yem wrote: | 2) | (cd /home/frodo2; tar xpf -) could be written more clearly as | tar -xpf - -C /home/frodo2 |
Changed.
yem wrote: | 3) If you use a login manager (guessing most people do - particularly on laptops) you need to add the auth/session lines to /etc/pam.d/{xdm,gdm,kdm}. /etc/pam.d/login is not sufficient. |
After emerge pam_mount you're advised to run etc-update which should point out the changes in the pam files.
yem wrote: | Did you find anything more about using journalled filesystems on dm-crypted block devices? I have the backing file stored on an ext3 partition, but its not the same. Quick google didn't turn anything up. |
I've recently read somewhere (IIRC some remarks by Hans Reiser) that in order to have a completely fail-safe (even unencrypted!) reiserfs partition it's in fact necessary to turn off the drive's write buffering. That sounds quite reasonable since the HDD's buffering does a reordering of the write operations.
In light of this I think that it would be somewhat irrealistic to have an absolutely fail-safe encrypted partition, but I'm by no means an expert and information seems to be scarce :-/.
Thanks for your feedback! |
|
Back to top |
|
|
yem n00b
Joined: 05 Nov 2002 Posts: 63 Location: Aotearoa
|
Posted: Sat Mar 12, 2005 8:09 am Post subject: |
|
|
tuxophil wrote: | I think if you follow the guide this is taken care of
(Have a closer look at the code in section 5.) | I see that, but the instuctions to "relogin as frodo. try copying some files" (paraphrasing) wont work without a chown first.
yem wrote: | 2) | (cd /home/frodo2; tar xpf -) could be written more clearly as | tar -xpf - -C /home/frodo2 | hmm or even "rsync -arv /home/frodo/ /home/frodo2/" ?
tixophil wrote: | After emerge pam_mount you're advised to run etc-update which should point out the changes in the pam files. | IIRC it modifies /etc/pam.d/login only, not the [xgk]dm profiles.
It's really a great HOWTO. These are just things that confused me. YMMV |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Sat Mar 12, 2005 9:15 am Post subject: |
|
|
yem wrote: | tuxophil wrote: | I think if you follow the guide this is taken care of
(Have a closer look at the code in section 5.) | I see that, but the instuctions to "relogin as frodo. try copying some files" (paraphrasing) wont work without a chown first. |
Crap! You're right I'll fix it later. Thanks.
yem wrote: | hmm or even "rsync -arv /home/frodo/ /home/frodo2/" ? |
I just had a look at man rsync, it seems that it should preserve everything (special files, attributes, etc.), but I'm not sure, since ACLs and extended attributes aren't mentioned. In man tar neither, but until somebody can confirm that rsync would work at least as good as tar, I'll stick to using tar.
yem wrote: | IIRC it modifies /etc/pam.d/login only, not the [xgk]dm profiles. |
Hmm, strange, on the two systems I did this kdm was also modified. Hopefully nothing's wrong with the ebuild... |
|
Back to top |
|
|
yem n00b
Joined: 05 Nov 2002 Posts: 63 Location: Aotearoa
|
Posted: Sat Mar 12, 2005 10:09 am Post subject: |
|
|
tuxophil wrote: | Hmm, strange, on the two systems I did this kdm was also modified. Hopefully nothing's wrong with the ebuild... | Ah I see what happened. The ebuild includes kde (but not kdm - are they the same thing?) and login. However, I don't use kde and thus the kde file was created by pam_login. Being a new file, etc-update didn't show any diff on that file.
I would suggest either modifying kde/m, gdm and xdm OR modify login only, and include an einfo in the ebuild to tell the user that they'll need to modify the file for their chosen *dm appropriately. Something like this:
Code: | --- pam_mount-0.9.22.ebuild 2005-03-12 22:58:46.000000000 +1300
+++ pam_mount-0.9.22-r1.ebuild 2005-03-12 23:06:22.000000000 +1300
@@ -29,7 +29,7 @@
insopts -m0644
doins ${FILESDIR}/pam_mount.conf
insinto /etc/pam.d
- doins ${FILESDIR}/login ${FILESDIR}/kde
+ doins ${FILESDIR}/login
# fixed mount.crypt
#insinto /usr/bin
#doins ${FILESDIR}/mount.crypt
@@ -38,3 +38,13 @@
dosym /usr/bin/mount.crypt /sbin/mount.crypt
dodoc README TODO AUTHORS ChangeLog FAQ INSTALL NEWS
}
+
+pkg_postinst() {
+ einfo "This ebuild modifies /etc/pam.d/login to include pam_mount hooks."
+ einfo "If you use a graphical login manager such as xdm, kdm or gdm, you"
+ einfo "will need to add the following lines to the appropriate file"
+ einfo "in /etc/pam.d/:"
+ einfo
+ einfo "auth optional /lib/security/pam_mount.so use_first_pass"
+ einfo "session optional /lib/security/pam_mount.so"
+} | (untested!) |
|
Back to top |
|
|
thomash n00b
Joined: 25 Oct 2003 Posts: 14
|
Posted: Fri Apr 08, 2005 5:30 pm Post subject: |
|
|
Hello everyone.
This looks like a really great guide, and I want to use a partition instead of a file.
I also want the entire /home directory encrypted, and not only the homedir of my regular user (thomas).
I have only two users on my laptop, and it's no problem to use the same password for both, if needed.
Anyone interested in giving me a step-by-step guide to achieve this (I'm pretty new to it)
I get stuck on where to store the key, and I'm not supposed to mkdir /home/home I assume?
Perimissions on various files would also be a problem =)
I appriciate any help!
Thanks.
Thomas Hoff |
|
Back to top |
|
|
thomash n00b
Joined: 25 Oct 2003 Posts: 14
|
Posted: Fri Apr 08, 2005 9:22 pm Post subject: |
|
|
Before attempting to encrypt all of /home, I thought I should give this tutorial a try (setting up an encrypted homedir for a specific user, from a partition)
This is what I did:
Code: |
dd if=/dev/urandom of=/dev/sda4 bs=1M
KEY=`tr -cd [:graph:] < /dev/urandom | head -c 79`
echo $KEY | cryptsetup create bleh /dev/sda4
mke2fs /dev/mapper/bleh
echo $KEY | openssl aes-256-ecb > /home/bleh.key
touch /home/bleh.key.old
chown bleh /home/bleh.key /home/bleh.key.old
chmod 600 /home/bleh.key /home/bleh.key.old
mkdir /home/bleh2
chown bleh /home/bleh2
chgrp users /home/bleh2
chmod 700 /home/bleh2
|
Then I added this line to my /etc/security/pam_mount.conf:
Code: |
volume bleh crypt - /dev/sda4 /home/bleh2 cipher=aes aes-256-ecb /home/bleh.key
|
Then I exited all sessions with "bleh" and logged in again. The messages i get after login looks good. No errors.
But I start in /home/bleh and not /home/bleh2
I did a 'ls /home' and got:
drwx------ 18 bleh users 1448 Apr 8 23:08 bleh
-rw------- 1 bleh root 112 Apr 8 22:52 bleh.key
-rw------- 1 bleh root 0 Apr 8 22:52 bleh.key.old
drwxr-xr-x 3 root root 4096 Apr 8 22:51 bleh2
It changes the owner, group and permission of /home/bleh2 when i login. I verified that it had the proper permissions before login.
Anyone know what the problem is? Can it be because I'm using an external USB HDD? Or am i missing something? |
|
Back to top |
|
|
thomash n00b
Joined: 25 Oct 2003 Posts: 14
|
Posted: Sat Apr 09, 2005 9:07 pm Post subject: |
|
|
Sorry, ignore my last post.
After the partition is mounted, i su'd and changed the owner, group and permisssions of /home/bleh2 (as section 5 tells me to do)
I saw someone else were asking about this too, guess i shoul've looked more closely =)
I'd still like to see how someone encrypted all of /home though |
|
Back to top |
|
|
thomash n00b
Joined: 25 Oct 2003 Posts: 14
|
Posted: Sat Apr 09, 2005 10:09 pm Post subject: |
|
|
Here is what i did to have all of /home encrypted, using a partition (on an external USB HDD):
bleh is my user.
Code: |
dd if=/dev/urandom of=/dev/sda4 bs=1M
KEY=`tr -cd [:graph:] < /dev/urandom | head -c 79`
echo $KEY | cryptsetup create bleh /dev/sda4
mke2fs /dev/mapper/bleh
echo $KEY | openssl aes-256-ecb > /etc/bleh.key
touch /etc/bleh.key.old
chown bleh /etc/bleh.key /etc/bleh.key.old
chmod 600 /etc/bleh.key /etc/bleh.key.old
|
Add the following line to /etc/security/pam_mount.conf:
Code: |
volume bleh crypt - /dev/sda4 /home cipher=aes aes-256-ecb /etc/bleh.key
|
Exit all sessions as bleh, login as root and do:
Code: |
mv /home /home2
mkdir /home
chown bleh /home
chgrp users /home
chmod 700 /home
|
Exit root, login as bleh and do:
Code: |
su
mkdir /home/bleh
chown bleh /home/bleh
chgrp users /home/bleh
chown 700 /home/bleh
|
Exit bleh and relogin. Now you should start in your new homedir in the encrypted /home.
You can now move all your files in /home2/bleh to your new homedir.
I haven't added a second user yet. Not sure how/if it would work. But i'll post more info as soon as i have it. |
|
Back to top |
|
|
kueka n00b
Joined: 09 Oct 2004 Posts: 3 Location: Germany
|
Posted: Sun Apr 10, 2005 10:15 pm Post subject: little add to this howto |
|
|
the setup works fine, only a little thing goes wrong.
i have tested the ssh login and it's fail with some errors.
after a little search on the web i have found the solution:
in /etc/ssh/sshd_conf set this parameters:
ChallengeResponseAuthentication no
PasswordAuthentication yes
and ssh login works.
so long |
|
Back to top |
|
|
gregory_bleiker n00b
Joined: 22 Aug 2005 Posts: 1
|
Posted: Mon Aug 22, 2005 4:00 pm Post subject: |
|
|
Hi All
Thanks for the nice HOWTO. However, I am (unfortunately) not getting it completely to work with SSH. I'm trying to have encrypted directories in a user's home and the user logs in (exclusively) via SSH.
What I have done so far:
The problem is that the drive is not unmounted on logout. I have applied the patch of http://bugzilla.mindrot.org/show_bug.cgi?id=926 to OpenSSH and changed /etc/ssh/sshd_config to not use privilege separation, without success...
Mounting the drive is no problem, but I have so far not been able to unmount a drive through pam_mount.
If I have UsePrivilegeSeparation, the unmount doesn't even get called, if I have it on it gets called but with wrong uid, so it can't unmount the drive because it was mounted as root in the auth part of pam.d. (it tells me mount disagrees with fstab, or if I put the mount command into a local ~/.pam_mount.conf, it tells me I'm not root, which I know, but I still think I'm great...
Any thoughts or help is highly appreciated.
Gregi |
|
Back to top |
|
|
yem n00b
Joined: 05 Nov 2002 Posts: 63 Location: Aotearoa
|
Posted: Wed Aug 24, 2005 9:36 pm Post subject: |
|
|
BTW: I just did a catchup emerge world and pam_mount broke. Turns out cryptsetup links against libdevmapper.so.1.00 exactly and it had been updated to 1.01. If you get an error about libdevmapper.so.x.xx not found (with debug turned on in /etc/security/pam_mount.conf) then try emerging cryptsetup again so that it will re-link with the current version of the lib. |
|
Back to top |
|
|
svf n00b
Joined: 01 Feb 2005 Posts: 50
|
Posted: Thu Oct 06, 2005 10:33 pm Post subject: |
|
|
heya...
nice howto.. im going to try that tomorrow morning..
but two questions..
is there any other way to do this(mount cryptet home on login) because according to the webpage pam_mount is discontinued maybe there some other neat way with the new baselayout
and second.. are there any other howtos how i can secure some of my /var/spool files? (tmpfs and pgp on shutdown? and risking data loss on crash?)
any other ideas?
nico _________________ uchafu! |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Fri Oct 07, 2005 7:44 am Post subject: |
|
|
svf wrote: | is there any other way to do this(mount cryptet home on login) because according to the webpage pam_mount is discontinued maybe there some other neat way with the new baselayout | Unfortunately I don't think there's another way that doesn't require a second passphrase. If you want to enter your passphrase only once it must be passed by PAM to the mount command. I don't know of any other pam_mount-like program. It's a pity that it's discontinued. But then again, it works just fine. The only I thing I may try sometime is to hack LUKS-support into it. (But only if it doesn't require too much C code.)
svf wrote: | and second.. are there any other howtos how i can secure some of my /var/spool files? (tmpfs and pgp on shutdown? and risking data loss on crash?)
any other ideas? | My setup is as follows: large enough swap, mount a 2GiB maximum tmpfs-filesystem as /tmp. Since tmpfs is handled by the VM, it always resides in RAM or swap. Just encrypt your swap and everything's fine.
/var/tmp is more problematic since these files should be persistent across reboots. Unfortunately the only solution I see is to make a system-wide encrypted partition for /var/tmp. But then you'll have to enter its passphrase at each startup. |
|
Back to top |
|
|
svf n00b
Joined: 01 Feb 2005 Posts: 50
|
Posted: Fri Oct 07, 2005 6:56 pm Post subject: |
|
|
hi
everythings working fine - thanks again
so the weakest point in the chain is my user password... i think i do have a really strong password but.. how is it stored? whats the algorithm used for /etc/shadow
(blowfish? des?) somebody knows about that? _________________ uchafu! |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Fri Oct 07, 2005 7:36 pm Post subject: |
|
|
svf wrote: | so the weakest point in the chain is my user password... | Normally yes. But don't forget about the unencrypted parts of your system...
svf wrote: | i think i do have a really strong password but.. how is it stored? whats the algorithm used for /etc/shadow (blowfish? des?) somebody knows about that? | IIRC it's salted MD5. MD5 may not be the strongest hash around, but brute forcing it would still be quite a feat. |
|
Back to top |
|
|
Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1768 Location: PB, Germany
|
Posted: Mon Oct 31, 2005 1:07 pm Post subject: |
|
|
Is there a way to do your setup also with the new baselayout and /etc/conf.d/cryptfs ? Encrypting the swap partition that way was terribly easy. _________________ HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770 |
|
Back to top |
|
|
tuxophil Tux's lil' helper
Joined: 29 Jun 2003 Posts: 80 Location: Diddeleng, Lëtzebuerg
|
Posted: Sun Nov 06, 2005 6:41 pm Post subject: |
|
|
I don't think so. AFAIK conf.d/cryptfs requires the entry of a (system-level?) passphrase at boot time. To transparently mount a partition when the user logs in you'll have to use pam_mount. |
|
Back to top |
|
|
hippysurfer n00b
Joined: 14 Nov 2003 Posts: 51
|
Posted: Thu Nov 10, 2005 12:28 pm Post subject: problem unmounting on logout |
|
|
I have followed the HOWTO (many thanks to its author) but I have a problem with the encrypted filesystem not being unmounted on logout. I am logging in using 'su' so I have setup /etc/pam.d/su to use pam_mount and the mounting on login works fine. But when I logout I get the following log:
Code: |
pam_mount: received order to close things
pam_mount: real and effective user ID are 405 and 405.
pam_mount: user is guest
pam_mount: command: /usr/sbin/pmvarrun [-u] [guest] [-d] [-o] [-1]
pam_mount: could not open count file /var/run/pam_mount/guest
pam_mount: pmvarrun says login count is 0
pam_mount: going to unmount
pam_mount: information for mount:
pam_mount: --------
pam_mount: (defined by globalconf)
pam_mount: user: guest
pam_mount: server:
pam_mount: volume: /home/.guest.img
pam_mount: mountpoint: /home/.guest
pam_mount: options: loop,cipher=aes
pam_mount: fs_key_cipher: aes-256-ecb
pam_mount: fs_key_path: /home/.guest.key
pam_mount: use_fstab: 0
pam_mount: --------
pam_mount: command: /usr/sbin/lsof [/home/.guest]
pam_mount: lsof output (should be empty)...
pam_mount: waiting for lsof
pam_mount: command: /usr/bin/umount.crypt [/home/.guest]
pam_mount: umount errors (should be empty):
pam_mount: pam_mount: error setting uid to 0
pam_mount: mlockall failed: Cannot allocate memory
pam_mount: WARNING!!! Possibly insecure memory. Are you root?
pam_mount: Command failed: Invalid argument
pam_mount: umount: /home/.guest is not in the fstab (and you are not root)
pam_mount: umount.crypt: error unmounting /home/.guest
pam_mount: waiting for umount
pam_mount: unmount of /home/.guest.img failed
pam_mount: pam_mount execution complete
|
For some reason pam_mount can't setuid to root so the unount fails.
I can su to root and run umount.crypt /home/.guest and it works fine.
hmm
Regards
Richard |
|
Back to top |
|
|
|