Re: Kernel parameters protecting fifos and regular files

2020-01-28 Thread Richard Laager
On 1/28/20 9:23 PM, Craig Small wrote:
> My personal preference is to lock them down by default, by setting both
> to mode 2.
FWIW: I agree. Unless massive breakage is expected, the default should
be the most secure option. If you default to secure and that breaks
something, people will be motivated to fix it (either the root issue or
by changing the setting). If you default to compatible, very few people
will find the option and tweak it, so most people will lose out on the
security. If there is massive breakage, you can back it off, of course.

-- 
Richard





Bug#950125: ITP: go-mmproxy -- Golang implementation of mmproxy

2020-01-28 Thread Dmitry Smirnov
Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, pkg-go-maintain...@lists.alioth.debian.org

Package name: go-mmproxy
Version: 1.0
Upstream Author: Path Network, Inc.
License: BSD-3-Clause~Google
URL: https://github.com/path-network/go-mmproxy
Vcs-Browser: https://salsa.debian.org/go-team/packages/go-mmproxy
Description: Golang implementation of mmproxy
 'go-mmproxy' is a standalone application that unwraps HAProxy's
 PROXY-protocol so that the TCP connection to the end server comes from
 client's - instead of proxy server's - IP address and port number.
 .
 This is a Golang reimplementation of mmproxy created to improve on
 mmproxy's runtime stability while providing potentially greater
 performance in terms of connection and packet throughput.




Kernel parameters protecting fifos and regular files

2020-01-28 Thread Craig Small
Hi,
  About 2 years ago the procps package added protection for hard and soft
symlinks. The bug report was 889098 and has seemed to work fine.

There is also now bug #914859 which would extend this same protection for
other files, as mentioned in [1]

On the one hand, having all these file types protected by default would be
very nice. On the other, it may break things in odd ways though I suspect
this is quite rare.  A system administrator is, of course, able to set
these to whatever they would like, but what should the default be?

My personal preference is to lock them down by default, by setting both to
mode 2. However the impact is way more than my handful of systems I use,
hence the wider email.

Putting it another way, are there any real strong reasons for not
doing this?
 - Craig



[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5


Bug#950119: ITP: gajim-syntaxhighlight -- highlights source code blocks in chat window

2020-01-28 Thread Martin
Package: wnpp
Severity: wishlist
Owner: Martin 

* Package name: gajim-syntaxhighlight
  Version : 1.2.5
  Upstream Author : Florian Muenchbach
* URL : https://dev.gajim.org/gajim/gajim-plugins/-/wikis/syntaxhighlightplugin
* License : GPL3
  Programming Lang: Python
  Description : highlights source code blocks in chat window

 It uses markdown-style syntax, i.e. text in-between `single backticks` is
 rendered as inline code,
 ```language
 selection is possible in multi-line code snippets in between triple-backticks
 Note the newlines in this case…
 ```



Bug#950109: ITP: chez-srfi -- SRFI libraries for Chez Scheme

2020-01-28 Thread Göran Weinholt
Package: wnpp
Severity: wishlist
Owner: Göran Weinholt 

* Package name: chez-srfi
  Version : git checkout
  Upstream Author : Aaron W. Hsu
* URL : https://github.com/arcfide/chez-srfi/
* License : mainly MIT/X and BSD
  Programming Lang: Scheme
  Description : SRFI libraries for Chez Scheme

 SRFI stands for Scheme Requests For Implementation. It is a
 standardization process for extensions to the programming language
 Scheme. Since its start in 1998, the project has been working for
 portability between Scheme implementations.
 .
 This package provides SRFI implementations primarily developed for
 Chez Scheme. Most of the libraries are however fully portable to
 other R6RS implementations.

Almost all Scheme compilers come with a few SRFIs, but Chez Scheme
does not come with any. Yet most Scheme code, including my own,
depends on some SRFIs.

I'm working with upstream to resolve some license issues.

I will maintain this package myself, but would like to see some
coordinated maintenance of Scheme in Debian.


Bug#950095: ITP: pyout -- interface for writing structured records as a table in a terminal

2020-01-28 Thread Yaroslav Halchenko
Package: wnpp
Severity: wishlist
Owner: Yaroslav Halchenko 

* Package name: pyout
  Version : 0.5.0
  Upstream Author : Kyle Meyer 
* URL : https://github.com/pyout/pyout
* License : MIT/X
  Programming Lang: Python
  Description : interface for writing structured records as a table in a terminal

pyout is a Python package that defines an interface for writing
structured records as a table in a terminal. It is being developed to replace
custom code for displaying tabular data in ReproMan and DataLad.
.
A primary goal of the interface is the separation of content from style
and presentation. Current capabilities include
.
 - automatic width adjustment and updating of previous values
 - styling based on a field value or specified interval
 - defining a transform function that maps a raw value to the displayed value
 - defining a summary function that generates a summary of a column (e.g., value totals)
 - support for delayed, asynchronous values that are added to the table as they come in


This package is needed for other upcoming ITPs, and eventually might
also be used in already existing packages (e.g. datalad)

The plan is to team maintain it within Debian Python Modules Team, since pyout
is of general utility.



Bug#950085: ITP: mbpoll -- command line utility to communicate with ModBus slave (RTU or TCP)

2020-01-28 Thread Martin
Package: wnpp
Severity: wishlist
Owner: Martin 

* Package name: mbpoll
  Version : 1.4.11
  Upstream Author : Pascal JEAN 
* URL : https://github.com/epsilonrt/mbpoll
* License : GPL-3+
  Programming Lang: C
  Description : command line utility to communicate with ModBus slave (RTU or TCP)

 mbpoll is a command line utility to communicate with ModBus slave (RTU or TCP).
 It uses libmodbus (http://libmodbus.org/).
 Although the syntax of these options is very close to modpoll proconX program,
 it is a completely independent project.
 .
 mbpoll can:
 .
 - read discrete inputs
 - read and write binary outputs (coil)
 - read input registers
 - read and write output registers (holding register)
 .
 The reading and writing registers may be in decimal, hexadecimal or 
 floating single precision.

I will maintain this in an appropriate team. Science team seems to fit.



Bug#950029: ITP: python-gvm -- Greenbone Vulnerability Management Python Library

2020-01-28 Thread Sophie Brun
Package: wnpp
Severity: wishlist
Owner: Sophie Brun 

* Package name: python-gvm
  Version : 1.2.0
  Upstream Author : Greenbone Networks GmbH
* URL : https://github.com/greenbone/python-gvm
* License : GPL-3+
  Programming Lang: Python3
  Description : Greenbone Vulnerability Management Python Library

The Greenbone Vulnerability Management Python API library is a collection
of APIs that help with remote controlling a Greenbone Security Manager
(GSM) appliance and its underlying Greenbone Vulnerability Manager (GVM).
The library essentially abstracts accessing the communication protocols
Greenbone Management Protocol (GMP) and Open Scanner Protocol (OSP).

It's required by the gvm-tools package (which replaces openvas-cli).

I plan to maintain it within the pkg-security team with the other openvas/
greenbone packages.



Bug#950017: ITP: imx-code-signing-tool -- code signing tool for i.MX platform

2020-01-28 Thread Andrej Shadura
Package: wnpp
Severity: wishlist
Owner: Andrej Shadura 

* Package name: imx-code-signing-tool
  Version : 3.3.0
  Upstream Author : NXP
* URL : https://www.nxp.com/pip/IMX_SW2
* License : BSD-3
  Programming Lang: C
  Description : code signing tool for i.MX platform

 This package provides a code signing tool for signing images
 for i.MX-based NXP processors using High Assurance Boot (HABv4)
 library in the internal boot ROM or the Advanced High Assurance
 Boot (AHAB) subsystem.
 .
 This package also provides a variety of support scripts.



Bug#950004: ITP: ppx-variants-conv -- generation of accessor and iteration functions for OCaml variant types

2020-01-28 Thread Stéphane Glondu
Package: wnpp
Severity: wishlist
Owner: Stéphane Glondu 

* Package name: ppx-variants-conv
  Version : 0.13.0
  Upstream Author : Jane Street Group, LLC
* URL : https://github.com/janestreet/ppx_variants_conv
* License : MIT
  Programming Lang: OCaml
  Description : generation of accessor and iteration functions for OCaml variant types

 ppx_variants_conv is a ppx rewriter that can be used to define first
 class values representing variant constructors, and additional
 routines to fold, iterate and map over all constructors of a variant
 type.

This package is a new dependency of sexplib310. It will be maintained
in the OCaml team.


Bug#950002: ITP: ppx-custom-printf -- printf-style format-strings for user-defined string conversion

2020-01-28 Thread Stéphane Glondu
Package: wnpp
Severity: wishlist
Owner: Stéphane Glondu 

* Package name: ppx-custom-printf
  Version : 0.13.0
  Upstream Author : Jane Street Group, LLC
* URL : https://github.com/janestreet/ppx_custom_printf
* License : MIT
  Programming Lang: OCaml
  Description : printf-style format-strings for user-defined string conversion

 ppx_custom_printf is a ppx rewriter that allows the use of
 user-defined string conversion functions in format strings (that is,
 strings passed to printf, sprintf, etc.).
 .
 No new syntax is introduced. Instead a previously ill-typed use of
 the ! operator is re-purposed.

This package is a new dependency of sexplib310. It will be maintained
in the OCaml team.


Bug#950003: ITP: ppx-fields-conv -- generation of accessor and iteration functions for OCaml records

2020-01-28 Thread Stéphane Glondu
Package: wnpp
Severity: wishlist
Owner: Stéphane Glondu 

* Package name: ppx-fields-conv
  Version : 0.13.0
  Upstream Author : Jane Street Group, LLC
* URL : https://github.com/janestreet/ppx_fields_conv
* License : MIT
  Programming Lang: OCaml
  Description : generation of accessor and iteration functions for OCaml records

 ppx_fields_conv is a ppx rewriter that can be used to define first
 class values representing record fields, and additional routines, to
 get and set record fields, iterate and fold over all fields of a
 record and create new record values.

This package is a new dependency of sexplib310. It will be maintained
in the OCaml team.