On Saturday 22 Oct 2011, valdis.kletni...@vt.edu wrote:
If you had your way, would you see it implemented as /tmp/USER
/USER/tmp, or some other way?
It should be site-configurable - some places may have a large fast
/tmp area and they want a per-user directory on that disk space.
Other
On 22 Oct 2011, at 07:06, Raj Mathur (राज माथुर) wrote:
At first sight, the best option from that point of view seems to be a
per-user tmp under /tmp/$USER/ and mount /tmp noexec, nosuid. If you
choose the ~$USER/tmp option, you'll probably have to do some userfs
jugglery to achieve
Actually, no; per user /tmp could only be accomplished, without a major
redesign and without breaking almost every application
[citation needed] ;-)
Only a fraction of apps uses /tmp... vendors can fix their own
distros: grepping for /tmp isn't complicated, and almost every
package usually
b...@fbi.dhs.org wrote:
bashbug:
/usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
Maybe I should use bashbug to report a bug in bashbug?
I took a quick look, it's actually using mkdir to create a temporary
directory in /tmp, which it uses for collecting support files.
This is actually a safe
Hi Chris,
You're right: File browse dialogs change the CWD and this contributes
essentially to the exploitability of the bug in question. While it's possible
to prevent these dialogs from *keeping* the CWD where the user OK'ed a selected
file/folder (see
I apologize as my search wasn't a complex method, just a quick grep for
signs of /tmp misuse. Indeed creating a directory under /tmp is a safe way
to handle tmp files.
b...@fbi.dhs.org wrote:
bashbug:
/usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
Maybe I should use bashbug to report a bug in
On 10/22/2011 11:14 AM, full-disclosure-requ...@lists.grok.org.uk wrote:
If you had your way, would you see it implemented as /tmp/USER
/USER/tmp, or some other way?
per_user_tmp=yes ?
Gentoo Linux Security Advisory GLSA 201110-17
http://security.gentoo.org/
Gentoo Linux Security Advisory GLSA 201110-18
http://security.gentoo.org/
Sorry for the top posting.
No, top posting is the *correct* way to do things, which most people on
this list don't seem to realize. Instead they quote *everything* and
then respond on the bottom. Yikes.
In fedorable distro Almost pam namespace can do this. It was born from
a selinux project,
Gentoo Linux Security Advisory GLSA 201110-19
http://security.gentoo.org/
Mandriva Linux Security Advisory MDVSA-2011:159
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2011:160
http://www.mandriva.com/security/
jara 1.6 sql injection vulnerability
download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip
author muuratsalo
contact muuratsalo[at]gmail.com
exploit
http://localhost/jara/view.php?id=[SQL Injection]
stack exhaustion. It seems to be a recursion problem for basic regular
expressions. The same or similar problem exists in PCRE 8.12, allowing
multiple applications to be crashed
cx@cx64:/www$ cat crash0.php
?php
preg_match(/((.*)((!?.*)+)\\w+)/iU,str_repeat(