Hi,
I am wondering what the security implications of having a LOAD_PATH
that includes '.' are.
Debian includes software that is written in ruby, and is executed with
root privilege, such as apt-listbugs.
LOAD_PATH is the list of paths that a ruby library (MODULE.rb, MODULE.so)
is searched against. T
Hi,
> > Hi,
> >
> > I am wondering what the security implications of having a LOAD_PATH
> > that includes '.' are.
>
> Generally speaking, having . in any path is a bad idea. You are correct
> to feel uneasy about it. Can . not be prepended to the path
> specifically if desired (as in the shell
junichi
The following is a full posting I made to debian-security@lists.debian.org:
At Sat, 07 Jan 2006 21:44:24 +0900,
Junichi Uekawa wrote:
>
> Hi,
>
> > > Hi,
> > >
> > > I am wondering what the security implications of having a LOAD_PATH
>
> I try to block on character sets: ie.,
>
> ^Content-Type.*charset.*[gG][bB]2312
>
> This catches quite a few spams I can't read.
>
Some mail I try to reply to has latin-1
chars.
They will be translated to Japanese charset when I
reply to them, so people are conveniently
blocking some of my
> > Some mail I try to reply to has latin-1
> > chars.
> >
> > They will be translated to Japanese charset when I
> > reply to them, so people are conveniently
> > blocking some of my mail,
> > which is immensely annoying.
>
> Does that happen when you are replying in English, or only for Japan
Hi,
I'm not quite sure if I follow what is happening.
So, what is the problem?
I presume you are installing debsig-verify
within chroot.
And is the problem that debsig-verify is being run in an unpacked but not
yet configured state, or is it something else?
> Turns out I wasn't imagining
> > dpkg?
> >
> > dpkg -i filename.deb
>
> Not even close. For instance:
You may want to look at anna and udpkg, maybe.
regards,
junichi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Yes.
At Sat, 12 Sep 2009 23:33:43 +0200,
Javier Serrano Polo wrote:
>
> Dear Junichi,
>
> In default environments, granting "sudo pbuilder" is the same as
> granting a shell. I don't believe users are aware of this. Is it an
> intended behaviour?
>
> Thanks.
>
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
On Tue, 1 Jan 2002 02:26:58 -0800 (PST)
Nicole Zimmerman <[EMAIL PROTECTED]> wrote:
> You should have a "device" /dev/cdrom that is a symbolic link to your real
> CDROM device (/dev/hdc?). This link should be owned by root:cdrom.
Not the link, the real file.
/dev/hdc, or whatever it may be need
and proceed to filing bugs against those packages.
regards,
junichi
--
[EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4
. I'm referring to
> remote people using a scp client to access my linux machine. You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
I'd be interested to know how you give scp access without
giving shell
"Peter Lieven" <[EMAIL PROTECTED]> cum veritate scripsit:
> is the "OpenSSH_3.0.2p1" version available in the testing/unstable tree
> already patched
> against the "March 7, 2002: Off-by-one error in the channel code" security
> hole?
yes.