safe to run in publicly accessible dirs. But this
does not excuse fakeroot to make up its own perms.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
On Tue, Jan 15, 2002 at 02:04:38PM +, Tim Haynes wrote:
Colin Phipps [EMAIL PROTECTED] writes:
It is not misleading in this case, the tail is the _most_ important part
of the data. It doesn't matter if we patch every other hole in 10 minutes
if we leave one open for months.
Yes
measures how quickly vulnerabilities are corrected. It's the right
statistic.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
should be requirements for any security
secretary. It doesn't imply package maintenance (IIRC). Sure they don't have to
be a developer *yet*, but they should (either in fact or in effect) become one.
Which was what Thomas suggested.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com
of a
possible security compromise.
Not necessarily. From a quick search it looks like lpd is a likely culprit,
http://www.geocrawler.com/mail/msg.php3?msg_id=6285770&list=216
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
is serious. Which is why modern identds support returning
crypted uids which can only be decoded by the originating server admin.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
stdin/stdout, which was to avoid
the privileged process having to open anything.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
. On debian security alert pages I see nothing about passwd. What should
I do?
Hmm. I would've thought r2 covered all the glibc exploits. Perhaps if you give
your exact glibc version (dpkg -l libc6) and a pointer to the exploit (if it's
public) then we'll be able to give you an answer.
--
Colin
set of packages
providing at least one is in main, IMHO.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
running something, do a
grep nobody /etc/cron.daily/* and it'll probably be there.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
it's still possible (it's
fundamental to the lack of design of these protocols that they have no defense
vs packet loops).
The TCP versions OTOH are pretty safe, assuming you use suitable concurrency
limiting on connections, but disabling them remains easier and safer.
--
Colin Phipps PGP
if an user finds the real X?
If you have local users deliberately going out of their way to open TCP ports
that you don't want, then you are looking in the wrong place to fix this;
either you want userdel(8), paranoia kernel patches, or firewalling.
--
Colin Phipps http
.
[snip]
I'm inclined to think Wichert's fix is better
I'll second that.
--
Colin Phipps http://www.netcraft.com/
thinking of one user enabling
logging to capture other users' passwords).
--
Colin Phipps http://www.netcraft.com/
.
On Thu, 8 Mar 2001, Kozman Balint wrote:
what is the funny saft (487 - udp/tcp) port? Is that a possible security
hole?
It has had some issues...
http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=sendfile
It's an <IMHO>unnecessary</IMHO> protocol; if you aren't using it, remove
it.
--
Colin Phipps
On Wed, Feb 07, 2001 at 11:39:36AM +1300, Matthew Sherborne wrote:
Because there were quite a few insecure temp file creation reports a while
ago, perhaps some of us should use this tool to find more ASAP.
Agreed, it would only take a few people using good tools to detect these
and these
On Thu, Dec 21, 2000 at 08:12:14PM +0100, Christian Kurz wrote:
On 00-12-21 Colin Phipps wrote:
On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
And who will create this key? Who will have the passphrase? Who will
sign the packages?
Someone on master.debian.org
On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
[ Would you please stop those Ccs to me?]
If you don't want CC's then fix your mail headers:
Mail-Followup-To: Christian Kurz [EMAIL PROTECTED], [EMAIL PROTECTED]
On 00-12-21 Colin Phipps wrote:
No, I tried to explain why
with this official
key, and then mirror both the files and their signatures (as kernel.org do).
--
Colin Phipps http://www.netcraft.com/
if it can be installed with a useful default
configuration. And maybe Conflicts: a few of the more obviously insecure
services. And I'd have it selected by default on all new installations,
but I suspect that's unlikely to happen.
/IMHO :-)
--
Colin Phipps http://www.cph.demon.co.uk/
be surprised to find your
syslog busier if you try it, some programs are very bad about temp
files :-( (cvs is a bad culprit for instance).
--
Colin Phipps http://www.netcraft.com/
(kernel patch) is not. I'd be
interested to see a working version of this if someone has done it.
--
Colin Phipps http://www.netcraft.com/
. Clearly it has NO security value
unless you set their PATH to a directory with only the few commands you
want them to be allowed to run.
--
Colin Phipps [EMAIL PROTECTED] http://www.netcraft.com/
On Fri, Oct 20, 2000 at 09:25:34AM -0500, Ted Cabeen wrote:
In message [EMAIL PROTECTED], Petr Cech writes:
On Fri, Oct 20, 2000 at 01:32:54PM +0300 , Mikko Kilpikoski wrote:
I'm unable to reach security.debian.org or nonus.debian.org
and can't find a mirror for security.debian.org. Is
On Thu, Oct 19, 2000 at 12:26:33PM +0100, Sergio Brandano wrote:
This is a little confusing. I have that nterm is the name of the
service in port 1026, and I have gnome-session listening to it.
Ports above 1024 are free for any user program like gnome-session to use.
It's nothing to do with
.
Colin
--
Colin Phipps [EMAIL PROTECTED] GPG KeyID 0xD9D8668E
38 matches