Re: MacOS X SoftwareUpdate Vulnerability

2002-07-12 Thread gabriel rosenkoetter
ur router and spoof the IP address. Updates must at least be checksummed and really ought to be cryptographically signed. Period. -- gabriel rosenkoetter [EMAIL PROTECTED]

Re: MacOSX 10.0.X Permissions uncorrectly set

2001-07-01 Thread gabriel rosenkoetter
On Fri, Jun 29, 2001 at 10:25:00AM +0200, patpro wrote:
> Sounds like pax installer used to design .pkg has something to do with this
> behavior.

I've been staying largely out of this discussion since I have not used (nor do I intend to use) MacOS X, but I have a hard time countenancing such a sl

Re: vixie cron possible local root compromise

2001-02-13 Thread gabriel rosenkoetter
On Tue, Feb 13, 2001 at 03:54:00PM -0500, Alan DeKok wrote:
> I find this attitude amazing. You don't understand why other people
> would want to have usernames longer than 8 characters, so you're
> willing to blame *their* systems for security problems when insecure
> applications are executed

Re: vixie cron possible local root compromise

2001-02-13 Thread gabriel rosenkoetter
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> When crontab has determined the name of the user calling crontab (using
> getpwuid()),
> the login name is stored in a 20 byte buffer using the strcpy() function
> (which does no bounds checking). 'useradd' (the utility used to add users

Re: Mac OS 9 Idle Lock Bug

1999-11-01 Thread gabriel rosenkoetter
On Fri, Oct 29, 1999 at 09:57:18AM +0200, Flothow, Sebastian wrote:
> so you can log out the current user and quit all apps without having to
> enter a password? i think this is the real security flaw, not apps which ask
> whether you want to save changes.

No, the dialogs still show up if you try