On 2019-02-16 19:43, Thorsten Glaser wrote:
> Hi Aurelien,
>
> […]
> >All the above are purely hypothetical cases and I do not have a good
>
> Thanks for the insight, you have me understanding your point.
>
> These were about eatmydata in particular, do you have any
> insight on the other?
I do
Hi Aurelien,
[…]
>All the above are purely hypothetical cases and I do not have a good
Thanks for the insight, you have me understanding your point.
These were about eatmydata in particular, do you have any
insight on the other?
Yves-Alexis Perez dixit:
>My own opinion on this is that no setu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, 2019-02-15 at 18:37 +, Thorsten Glaser wrote:
> Perhaps, if it’s best to consider these LD_PRELOADable libraries
> that could benefit from the glibc suid bit case-by-case, this can
> be “preapproved”?
My own opinion on this is that no se
(slighy OT)
On Sat, Feb 16, 2019 at 11:22:19AM +0100, Aurelien Jarno wrote:
> - fsync() and fdatasync() always succeed when used with eatmydata. In
>the glibc cases, it fails if fd is not a valid file descriptor or if
>fd is bound to a special file (e.g., a pipe, FIFO, or socket) which
>
Hi,
On 2019-02-15 18:37, Thorsten Glaser wrote:
> Hi,
>
> >at first sight I'm not a huge fan of that. LD_PRELOAD and setuid stuff is
> >always a bit tricky, because abusing setuid files (and libraries here) might
> >mean privilege escalation. At lot of attacks in the past just abused setuid
> >bi
Hi,
>at first sight I'm not a huge fan of that. LD_PRELOAD and setuid stuff is
>always a bit tricky, because abusing setuid files (and libraries here) might
>mean privilege escalation. At lot of attacks in the past just abused setuid
>binaries to do bad stuff in order to gain root privilege.
that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, 2019-02-15 at 13:17 +, Thorsten Glaser wrote:
> > I think one reason I never really consider this chage is because my
> > security foo are not great enough to understand to throughly understand
> > all the possible implications such chang
(Hi Debian security team, we would like to consult you on this topic.)
Hi Mattia,
>I think one reason I never really consider this chage is because my
>security foo are not great enough to understand to throughly understand
>all the possible implications such change could have.
>
>Therefore, I'd
On Thu, Feb 14, 2019 at 10:32:14PM +0100, Thorsten Glaser wrote:
> I’ve just read something in the glibc ld.so manpage (because I am
> considering writing a preloadable library myself) and now wonder:
>
> tglase@tglase:~ $ LD_PRELOAD=libeatmydata.so sudo date -u
> ERROR: ld.so: object 'libeatmydat
Package: eatmydata
Version: 105-7
Severity: wishlist
I’ve just read something in the glibc ld.so manpage (because I am
considering writing a preloadable library myself) and now wonder:
tglase@tglase:~ $ LD_PRELOAD=libeatmydata.so sudo date -u
ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD
10 matches
Mail list logo