On Fri, Oct 31, 2003 at 06:41:20PM -0500, Michael Stone wrote:
> >I'm looking for a list of characters that are not allowable (or that
> >cause problems) for passwords if any under a standard Debian GNU/Linux
> >install (using md5).
>
> AFAIK, there aren't any. You may run into limitations in pa
On Sat, 01 Nov 2003 at 07:02:49AM -0500, Lupe Christoph wrote:
> > 0. With the obvious exception that C strings don't like null bytes. So
> > try to avoid hitting the null key on your keyboard. :)
>
> You forgot that a ':' as part of the encrypted pas
On Sat, 01 Nov 2003 at 05:15:34PM -0500, Adam ENDRODI wrote:
> I tend to disagree, I'm afraid. The presence of remotely
> exploitable bugs in user applications (be it a client of some
> networked game, or a PDF viewer) imposes a great risk on the user,
On Sat, Nov 01, 2003 at 11:03:16AM +0100, [EMAIL PROTECTED] wrote:
> > For example, people sometimes file bugs about buffer overflows in
> > "simple" programs (which run with no privileges and do not act on any
> > untrusted input) just because they are buffer overflows, a type of bug
> > which is
Oops, my apologies. You're completely right. I meant "remote access with
apache user rights".
-R
> On Saturday, 2003-11-01 at 11:03:16 +0100, [EMAIL PROTECTED] wrote:
>
>> - the bug is quite serious (local root, at minimum)
>
> I wonder how a user would obtain root privileges by overrunning an
>
On Sat, Nov 01, 2003 at 01:02:49PM +0100, Lupe Christoph wrote:
> You forgot that a ':' as part of the encrypted password will cause
> problems ;-)
But the crypt functions won't return that character, so it shouldn't be
a problem. The input character set has nothing to do with the output
character set.
On Friday, 2003-10-31 at 18:41:20 -0500, Michael Stone wrote:
> >I'm looking for a list of characters that are not allowable (or that
> >cause problems) for passwords if any under a standard Debian GNU/Linux
> >install (using md5).
> AFAIK, there aren't any. You may run into limitations in parti
> On Fri, Oct 31, 2003 at 06:06:15PM +0100, Roman Medina wrote:
>
>> My opinion is that if a security bug is discovered it should be fixed
>> ASAP. It's really simple. The argument: "We believe that there is no
>> security update required because intentionally exploiting this
>> vulnerability requi