Re: pam 1.6.1-2 breaks sudo password

2024-04-12 Thread Georg Pfahler
Hi there,

On Fri, Apr 12, 2024 at 11:36:43AM +0200, Martin Rys wrote:
> > FYI, the "idiotic default" may feel less annoying when you use the
> > documented solution
> 
> Would be great if one got this as an error message when the logins
> start timing out.
> 
> Unfortunately that's not the case, the UX is beyond terrible, you get
> the same identical error for a WRONG password as for the TIMED OUT
> password, making people waste time and be frustrated to the point of
> going on mailing lists.

It's common practice to not give an attacker more info than needed, so
"wrong password" and "locked user" is most likely intended to give the
same error message.

-- 
Georg




Re: `makepkg` generates two packages

2024-03-07 Thread Georg
That's not a split package, it's a package built with debug symbols for 
analyses and debugging purposes.

See https://wiki.archlinux.org/title/Debuginfod for more info.


I see, thanks. Sorry for the confusion.


Re: `makepkg` generates two packages

2024-03-07 Thread Georg




hi,

when I run `makepkg`, it generates a second package with the `-debug`
"extension" (eg. `mypackage-w.x.y-z-x86_64.pkg.tar.zst` and
`mypackage-debug-w.x.y-z-x86_64.pkg.tar.zst`).

I couldn't find anything about this on the wiki : is this a new feature
and/or is there a parameter to pass to `makepkg` to avoid building it ?

regards, lacsaP.


You are building a split package [0]. That's a feature, not a bug.

[0] https://man.archlinux.org/man/PKGBUILD.5#PACKAGE_SPLITTING


Postorius configuration help

2024-01-28 Thread Georg

Hi list,

I'm looking for a good description for postorius configuration. The Arch 
wiki is unclear to me, and the mailman documentation points to 
postorius.org configuration, which then points to another mailman doc 
providing little info on the actual configuration.
Long story short, I'm failing to set up postorius so I can create users 
and let them log in. It would be highly appreciated if someone 
proficient in this topic is willing to walk me through. I'd then amend 
the wiki for more clarity.


Thanks in advance
Georg




Re: [arch-general] definition of "orphan"

2021-03-16 Thread Georg via arch-general

With a community agreement as a backup it is much easier to create
change requests for the individual tools.


You won't find a "community agreement" or similar by reiterating the 
same points over and over. Make a proposal at the relevant places or 
leave it, but this topic has made enough noise on this list.


my 2¢…
Georg


Re: [arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread Georg via arch-general

On 29.01.2021 18:20, Łukasz Michalski via arch-general wrote:

Hi,

Just checked my servers and all were vulnerable:

[zork@archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
malloc(): corrupted top size
Aborted (core dumped)

Updating to the latest version (sudo-1.9.5.p2-1) closed this
vulnerability. Maybe this should be posted as arch news message?

Regards,
Łukasz


There has been an ASA on arch-security [0] on top of huge press 
coverage, that should suffice.


[0] 
https://lists.archlinux.org/pipermail/arch-security/2021-January/001699.html