Re: ping22: can not kill this process
Quoting Luis Mondesi ([EMAIL PROTECTED]): > Good one! LOL > > spilling ugly db*connect() errors to the world to see is not very > secure indeed. or how about: foo() could not open /etc/my-secret-users > file Which is of course why you also want these in php.ini: log_errors = On error_log = syslog display_errors = Off -- Cheers, I have /usr/sbin/coffee mounted from /dev/mug right now, Rick Moen and you can't have it. Oh no, I just tried to seek past [EMAIL PROTECTED] end-of-beverage. *sigh* -- Graham Reed, in The Monastery -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ping22: can not kill this process
On 5 Jan 2008 16:33:07 GMT, Paul Hink <[EMAIL PROTECTED]> wrote: > Thomas Hochstein <[EMAIL PROTECTED]> wrote: > > > Raphael Geissert schrieb: > > > >>> disable_functions = dl, phpinfo, system, mail, include, shell_exec, > >>> exec, > >> > >> include()? I don't want to imagine how many scripts will break. > > > > A script that doesn't run is a *very* secure script. > > That depends on the error handling. Good one! LOL spilling ugly db*connect() errors to the world to see is not very secure indeed. or how about: foo() could not open /etc/my-secret-users file -- )(- Luis Mondesi Maestro Debiano - START ENCRYPTED BLOCK (Triple-ROT13) -- Gur Hohagh [Yvahk] qvfgevohgvba oevatf gur fcvevg bs Hohagh gb gur fbsgjner jbeyq. - END ENCRYPTED BLOCK (Triple-ROT13) -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ping22: can not kill this process
Thomas Hochstein <[EMAIL PROTECTED]> wrote: > Raphael Geissert schrieb: > >>> disable_functions = dl, phpinfo, system, mail, include, shell_exec, >>> exec, >> >> include()? I don't want to imagine how many scripts will break. > > A script that doesn't run is a *very* secure script. That depends on the error handling. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
On Sat Jan 05, 2008 at 15:11:22 +, Steve Kemp wrote: > - > Debian Security Advisory DSA-1448-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Steve Kemp > January 05, 2008 http://www.debian.org/security/faq > - Apologies for sending this mail out twice. Steve -- pgpaHHCCiWhkf.pgp Description: PGP signature
Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
On Don, 2008-01-03 at 22:54 +0100, Moritz Muehlenhoff wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - > Debian Security Advisory DSA-1447-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Moritz Muehlenhoff > January 03, 2008 http://www.debian.org/security/faq > - > > Package: tomcat5.5 > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 > CVE-2007-5461 > installing the update breaks webapps with the following error org.apache.commons.logging.LogConfigurationException: java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read) (Caused by java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read)) (it worked before the update and permission are set correctly, i double checked) this is also the case for tomcat5.5-webapps packages which doesnt work anymore. best regards, michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ping22: can not kill this process
Raphael Geissert schrieb: >> disable_functions = dl, phpinfo, system, mail, include, shell_exec, exec, > > include()? I don't want to imagine how many scripts will break. A script that doesn't run is a *very* secure script. -thh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]