Yes.
At Sat, 12 Sep 2009 23:33:43 +0200,
Javier Serrano Polo wrote:
>
> Dear Junichi,
>
> In default environments, granting "sudo pbuilder" is the same as
> granting a shell. I don't believe users are aware of this. Is it an
> intended behaviour?
>
> Thanks.
>
--
To UNSUBSCRIBE, email to de
junichi
The following is a full posting I made to debian-security@lists.debian.org:
At Sat, 07 Jan 2006 21:44:24 +0900,
Junichi Uekawa wrote:
>
> Hi,
>
> > > Hi,
> > >
> > > I am wondering what the security implications of having a LOAD_PATH
>
Hi,
> > Hi,
> >
> > I am wondering what the security implications of having a LOAD_PATH
> > that includes '.' is.
>
> Gerenally speaking, having . in any path is a bad idea. You are correct
> to feel uneasy about it. Can . not be prepended to the path
> specifically if desired (as in the shell
Hi,
I am wondering what the security implications of having a LOAD_PATH
that includes '.' is.
Debian includes software that is written in ruby, and is executed with
root privilege, such as apt-listbugs.
LOAD_PATH is the list of path that ruby library (MODULE.rb, MODULE.so)
is searched against. T
> > dpkg?
> >
> > dpkg -i filename.deb
>
> Not even close. For instance:
You may want to look at anna and udpkg, maybe.
regards,
junichi
> > dpkg?
> >
> > dpkg -i filename.deb
>
> Not even close. For instance:
You may want to look at anna and udpkg, maybe.
regards,
junichi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
I'm not quite sure if I follow what is happening.
So, what is the problem ?
I presume you are installing debsig-verify
within chroot.
And is the problem that debsig-verify is being ran in an unpacked but not
yet configured state, or is it something else ?
> Turns out I wasn't imagining
Hi,
I'm not quite sure if I follow what is happening.
So, what is the problem ?
I presume you are installing debsig-verify
within chroot.
And is the problem that debsig-verify is being ran in an unpacked but not
yet configured state, or is it something else ?
> Turns out I wasn't imagining
> > Some mail I try to reply have latin-1
> > chars.
> >
> > They will be translated to Japanese charset when I
> > reply to them, so people are conveniently
> > blocking some of my mail,
> > which is immensely annoying.
>
> Does that happen when you are replying in English, or only for Japan
> > Some mail I try to reply have latin-1
> > chars.
> >
> > They will be translated to Japanese charset when I
> > reply to them, so people are conveniently
> > blocking some of my mail,
> > which is immensely annoying.
>
> Does that happen when you are replying in English, or only for Japan
> I try to block on character sets: ie.,
>
> ^Content-Type.*charset.*[gG][bB]2312
>
> This catches quite a few spams I can't read.
>
Some mail I try to reply have latin-1
chars.
They will be translated to Japanese charset when I
reply to them, so people are conveniently
blocking some of my
> I try to block on character sets: ie.,
>
> ^Content-Type.*charset.*[gG][bB]2312
>
> This catches quite a few spams I can't read.
>
Some mail I try to reply have latin-1
chars.
They will be translated to Japanese charset when I
reply to them, so people are conveniently
blocking some of my
"Peter Lieven" <[EMAIL PROTECTED]> cum veritate scripsit:
> is the "OpenSSH_3.0.2p1" version avaiable in the testing/unstable tree
> already patched
> against the "March 7, 2002: Off-by-one error in the channel code" security
> hole?
yes.
"Peter Lieven" <[EMAIL PROTECTED]> cum veritate scripsit:
> is the "OpenSSH_3.0.2p1" version avaiable in the testing/unstable tree already
>patched
> against the "March 7, 2002: Off-by-one error in the channel code" security hole?
yes.
. I'm referring to
> remote people using a scp client to access my linux machine. You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
I'd be interested to know how you give scp access without
giving shell
. I'm referring to
> remote people using a scp client to access my linux machine. You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
I'd be interested to know how you give scp access without
giving shell
and proceed to filing bugs against those packages.
regards,
junichi
--
[EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4
to filing bugs against those packages.
regards,
junichi
--
[EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe"
On Tue, 1 Jan 2002 02:26:58 -0800 (PST)
Nicole Zimmerman <[EMAIL PROTECTED]> wrote:
> You should have a "device" /dev/cdrom that is a symbolic link to your real
> CDROM device (/dev/hdc?). This link should be owned by root:cdrom.
Not the link, the real file.
/dev/hdc, or whatever it may be need
On Tue, 1 Jan 2002 02:26:58 -0800 (PST)
Nicole Zimmerman <[EMAIL PROTECTED]> wrote:
> You should have a "device" /dev/cdrom that is a symbolic link to your real
> CDROM device (/dev/hdc?). This link should be owned by root:cdrom.
Not the link, the real file.
/dev/hdc, or whatever it may be nee
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
22 matches
Mail list logo