I can only assume from lack of criticism that either:
1) This is a completely great idea with no cons and thus worthy of
time to implement
or
2) The topic has been ignored
Is it reasonable to allocate a 8KiB buffer for a bit vector covering
2*16 ports? Should I instead just focus on a
I can only assume from lack of criticism that either:
1) This is a completely great idea with no cons and thus worthy of
time to implement
or
2) The topic has been ignored
Is it reasonable to allocate a 8KiB buffer for a bit vector covering
2*16 ports? Should I instead just focus on a
On 2015-12-16 09:52, Jason Newton wrote:
How about changing how this mechanism works from a range of the lowest
N ports and instead have it as a user specifiable set? Towards more
proper security, this allows distros/admins to put any ports they
consider important to have security feature going
How about changing how this mechanism works from a range of the lowest
N ports and instead have it as a user specifiable set? Towards more
proper security, this allows distros/admins to put any ports they
consider important to have security feature going well beyond the
current limit without
On 2015-12-16 09:52, Jason Newton wrote:
How about changing how this mechanism works from a range of the lowest
N ports and instead have it as a user specifiable set? Towards more
proper security, this allows distros/admins to put any ports they
consider important to have security feature going
How about changing how this mechanism works from a range of the lowest
N ports and instead have it as a user specifiable set? Towards more
proper security, this allows distros/admins to put any ports they
consider important to have security feature going well beyond the
current limit without
On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes
wrote:
>> Perhaps lets consider this in another way if it is strongly held that
>> this is worth while in the default configuration: can it default off
>> in the context of selinux / other security frameworks (preferably
>> based on their
On Mon, Dec 14, 2015 at 8:39 PM, One Thousand Gnomes
wrote:
>> Perhaps lets consider this in another way if it is strongly held that
>> this is worth while in the default configuration: can it default off
>> in the context of selinux / other security frameworks (preferably
>> based on their
> Perhaps lets consider this in another way if it is strongly held that
> this is worth while in the default configuration: can it default off
> in the context of selinux / other security frameworks (preferably
> based on their detection and/or controllably settable at runtime)?
> Those allow more
On 2015-12-14 11:13, Jason Newton wrote:
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes
wrote:
Is there disagreement on my views or points?
Yes 8)
You don't really want someone racing you to set up a fake ssh service on
your system to steal all the passwords do you ?
Alan
Hasn't
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes
wrote:
>> Is there disagreement on my views or points?
>
> Yes 8)
>
> You don't really want someone racing you to set up a fake ssh service on
> your system to steal all the passwords do you ?
>
> Alan
Hasn't been a problem yet, for me. I
> So it's been quite some time since this topic was covered in any
> capacity, and it's worth asking now: does it make sense to keep this
> ancient security bit around? Does it make a modicum of improvement to
Yes.
> Is there disagreement on my views or points?
Yes 8)
You don't really want
I've noted through years difficulties in getting programs in java or
python to work in Linux correctly when binding to a "privileged port",
requiring various forms of hoop jumping (use of capabilities, iptables
redirection, authbind, and the classic newbie mistake of running the
program as root)
> So it's been quite some time since this topic was covered in any
> capacity, and it's worth asking now: does it make sense to keep this
> ancient security bit around? Does it make a modicum of improvement to
Yes.
> Is there disagreement on my views or points?
Yes 8)
You don't really want
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes
wrote:
>> Is there disagreement on my views or points?
>
> Yes 8)
>
> You don't really want someone racing you to set up a fake ssh service on
> your system to steal all the passwords do you ?
>
> Alan
Hasn't been
I've noted through years difficulties in getting programs in java or
python to work in Linux correctly when binding to a "privileged port",
requiring various forms of hoop jumping (use of capabilities, iptables
redirection, authbind, and the classic newbie mistake of running the
program as root)
On Mon, Dec 14, 2015 at 8:39 PM, One Thousand Gnomes
wrote:
>> Perhaps lets consider this in another way if it is strongly held that
>> this is worth while in the default configuration: can it default off
>> in the context of selinux / other security frameworks
> Perhaps lets consider this in another way if it is strongly held that
> this is worth while in the default configuration: can it default off
> in the context of selinux / other security frameworks (preferably
> based on their detection and/or controllably settable at runtime)?
> Those allow more
On 2015-12-14 11:13, Jason Newton wrote:
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes
wrote:
Is there disagreement on my views or points?
Yes 8)
You don't really want someone racing you to set up a fake ssh service on
your system to steal all the
On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes
wrote:
>> Perhaps lets consider this in another way if it is strongly held that
>> this is worth while in the default configuration: can it default off
>> in the context of selinux / other security frameworks
20 matches
Mail list logo