want to help a little bit, you can bounce or redirect SPAM messages
to report-listspam@lists.d.o. If you want to help a lot, writing spamassassin
or protfix rules that match the SPAM and communicating that to the list admins
could help.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b
to revert some or
all of these marked/scheduled changes, I recommend starting aptitude in
interactive mode (aptitude).
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http
with that assertion.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/\_/
in the default kernel?
Enable PAE. From what I understand, the features are not separable in the
i386 kernel. You either suffer under PAE and get NX, or you suffer without NX
and drop PAE.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o
On Monday, October 11, 2010 17:18:34 you wrote:
On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
Anyone else perceive this situation as being a bit sub-optimal from
the security perspective?
No.
Interesting. Do you happen to run any such systems in a production
environment?
Depends
been updated since last
time I researched the issue.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/\_/
On Saturday, August 28, 2010 20:29:50 you wrote:
On Sat, Aug 28, 2010 at 3:08 AM, Boyd Stephen Smith Jr.
b...@iguanasuicide.net wrote:
In 4c77f5ca.6030...@gmail.com, Min Wang wrote:
(1) does this approach
prevent user1- root ( su- ) user2?
Yes. su does not grant Kerberos credentials.
Can't
as a Kerberos user.
Old-style NFS mostly trusts the local system to identify the user, which is
why it is mostly only secure if root is shared between the NFS server and
all its clients.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ
.
Basically whining from someone that doesn't know what they are talking about.
NB: Yes, patches from Ubuntu (in general) and Canonical employees (in
specific) can and are accepted, but they aren't given preferential treatment.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net
.
% ls -ld /etc/profile.d
drwxr-xr-x 2 root root 48 2007-07-26 15:36 /etc/profile.d
If someone can write to that directory, they have root. If they have root,
you are already in trouble.
Also: Patches Welcome.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net
http://www.debian.org/News/2010/20100806
I'm wondering if this means Squeeze will soon be receiving the same level of
support of the security team as Lenny currently receives?
--
Boyd Stephen Smith Jr
and debian-announce and I haven't
seen the security team claim full support for Squeeze, yet, but I could have
missed it.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http
. (Ping would be ok, but large TCP downloads would
flake out.)
IPv6 uses path MTU detection. Unless you have something seriously screwy with
your setup, MTUs (above the minimum) should not be an issue with IPv6.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net
.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/\_/
computers, but sometimes you have not the
choice.
But yes, you don't want to get Kerberos tickets on an insecure system.
I thought tickets only lasted for a small period of time, and could be
expired early if need be so that you could use them on insecure machines.
--
Boyd Stephen Smith Jr
In 87ws7gavpe@mid.deneb.enyo.de, Florian Weimer wrote:
* Boyd Stephen Smith, Jr.:
In 200906101232.13509.zarl...@gmx.at, Johannes Zarl wrote:
when my screen is locked (either via Ctrl-Alt-L or via time-delay in
the screensaver itself), once I touch the mouse (and wait for the
screen-lock
drawing. That wasn't
enough to concern me. If you can see the unprotected desktop for enough
time to take a digital photo, it could result in a compromise.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM
servers.
I inherited a tripwire installation at some point. It was one mail message
per day (and if you didn't get that message you knew something was wrong).
It required a bit of tuning to not report errors regularly, but once I spent
that time it was fairly hands-off.
--
Boyd Stephen Smith Jr
the current archive format
over gmane, but I (probably) would notice much if it changed.
META NAME=ROBOTS CONTENT=NOINDEX
Or at least allow noindex tags inside posts.
HTML isn't allowed by the Code of Conduct, so noindex tags don't make
sense.
--
Boyd Stephen Smith Jr
in their version.
See http://www.backports.org:80/dokuwiki/doku.php?id=contribute Basic Rule
4.
It both identifies the package and ensures that the version in testing is
considered 'higher'. 1.2-3~bpo < 1.2-3, according to dpkg.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b
, this will catch packages that are
not in stable that were backported, but it wouldn't catch packages that are
in stable but have a newer version in backports.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy
On Friday 13 March 2009 15:58:15 Florian Weimer wrote:
For the stable distribution (etch), this problem has been fixed in
version 2.9.5-2+lenny1.
Of course, that is a typo. The current stable distribution is Lenny.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net
rebuild, if there truly is a saboteur in the
ranks of the Debian maintainers?
I'm forwarding to debian-security; perhaps they will have suggestions. This
topic is more appropriate for that list than debian-user anyway.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b
.
What about hardlinking the suid-root binaries to a hidden location, waiting
for a security hole to be found/fixed, and then running the old binary to
exploit the hole? Does dpkg handle suid/sgid files so that this is
prevented?
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b
On Friday 2009 January 16 12:29:13 Johannes Wiedersich wrote:
Boyd Stephen Smith Jr. wrote:
What about hardlinking the suid-root binaries to a hidden location,
waiting for a security hole to be found/fixed, and then running the old
binary to exploit the hole?
IIRC, a hard link is the same file
On Friday 2009 January 16 14:45:44 Michael Loftis wrote:
--On January 16, 2009 7:29:13 PM +0100 Johannes Wiedersich
johan...@physik.blm.tu-muenchen.de wrote:
Boyd Stephen Smith Jr. wrote:
What about hardlinking the suid-root binaries to a hidden location,
waiting for a security hole
IIRC prevents this, Text File Busy/Text File In Use
|| error.
As does Linux (openSUSE):
$ sudo /bin/sh -c ' /opt/kde3/bin/kget'
/bin/sh: /opt/kde3/bin/kget: Text file busy
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984
On Friday 2009 January 16 15:49:46 Repasi Tibor wrote:
Boyd Stephen Smith Jr. wrote:
On Friday 2009 January 16 13:03:53 you wrote:
Boyd Stephen Smith Jr. wrote:
What about hardlinking the suid-root binaries to a hidden location,
waiting for a security hole to be found/fixed, and then running
installed suid binaries do get scrubbed after they aren't
in use, so you only have to worry about suid binaries you've created
yourself.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy
, I've also seen iptraf used a
bit.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
[EMAIL PROTECTED] ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.org/ \_/
30 matches