❦ 12 August 2021 11:38 +05, Andrey Rahmatullin:
>> >> I just ran across this article
>> >> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
>> >> the attacks on Debian 11 and they work successfully giving me a root
>> >> shell prompt.
>> > I don't think calling this "privile
On Thu, Aug 12, 2021 at 01:25:06AM -0500, Brian Thompson wrote:
> On Thu, 2021-08-12 at 11:19 +0500, Andrey Rahmatullin wrote:
> > On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
> > > Would you agree that there is an issue with
On Thu, Aug 12, 2021 at 08:32:14AM +0200, Vincent Bernat wrote:
> >> I just ran across this article
> >> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> >> the attacks on Debian 11 and they work successfully giving me a root
> >> shell prompt.
> > I don't think calling this
❦ 12 August 2021 10:39 +05, Andrey Rahmatullin:
>> I just ran across this article
>> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
>> the attacks on Debian 11 and they work successfully giving me a root
>> shell prompt.
> I don't think calling this "privilege escalation"
On Thu, 2021-08-12 at 11:19 +0500, Andrey Rahmatullin wrote:
> On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
> > Would you agree that there is an issue with sudo access that is
> > enabled
> > by default on most Debian and Debian-ba
On Thu, Aug 12, 2021 at 01:17:03AM -0500, Brian Thompson wrote:
> > > Thank you for bringing this to everyone's attention. These are very
> > > real vulnerabilities.
> > How are they vulnerabilities?
> They are vulnerabilities because the user is susceptible to this kind of
> attack by defaul
On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
> Would you agree that there is an issue with sudo access that is enabled
> by default on most Debian and Debian-based distributions? The bug may
> not be in apt, but it definitely lives somewhere.
Do you think "sudo access" itself is
On Thu, 2021-08-12 at 10:44 +0500, Andrey Rahmatullin wrote:
> On Wed, Aug 11, 2021 at 10:55:44PM -0500, Brian Thompson wrote:
> > Thank you for bringing this to everyone's attention. These are very
> > real vulnerabilities.
> How are they vulner
On Thu, 2021-08-12 at 07:38 +0200, Niels Thykier wrote:
> Timothy M Butterworth:
> > All,
> >
> > I just ran across this article
> > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I
> > tested
> > the attacks on Debian 11 and they wor
On Wed, Aug 11, 2021 at 10:55:44PM -0500, Brian Thompson wrote:
> Thank you for bringing this to everyone's attention. These are very real
> vulnerabilities.
How are they vulnerabilities?
> NPM has similar issues with stopping malicious packages from being
> published to the FTP server.
That's no
On Wed, Aug 11, 2021 at 11:30:27PM -0400, Timothy M Butterworth wrote:
> I just ran across this article
> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> the attacks on Debian 11 and they work successfully giving me a root
> shell prompt.
I don't think calling this "privile
Timothy M Butterworth:
> All,
>
> I just ran across this article
> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> the attacks on Debian 11 and they work successfully giving me a root
> shell prompt.
>
> Tim
>
Hi Tim,
All of the attacks presented assume that the local
On Thu, Aug 12, 2021 at 3:22 AM Timothy M Butterworth wrote:
> Debian is missing KDE's Amarok music manager.
Amarok was removed as it required the obsolete Qt 4 library. Now that
upstream has finally ported it to Qt5, it could be reintroduced to
Debian.
https://tracker.debian.org/pkg/amarok
http
On Wed, 2021-08-11 at 23:30 -0400, Timothy M Butterworth wrote:
> All,
>
> I just ran across this article
> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> the attacks on Debian 11 and they work successfully giving me a root
All,
I just ran across this article
https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
the attacks on Debian 11 and they work successfully giving me a root
shell prompt.
Tim
I am fine with Debian's release cycle but it would be nice to see more
packages. For example Debian is missing KDE's Amarok music manager. I
am happy to see Debian 11 gained KDE Elisa music manager. I am sad to
see that VirtualBox is not available on Debian 11. I had to jerry-rig
it using the Ubunt
On Wed, Aug 11, 2021 at 12:24 PM Xavier wrote:
> Second: a lot of packages also have their public source repo. See
> https://tracker.debian.org and follow "VCS" links to access to
> git/svn/... repo.
Aside from the VCS links on packages that use a VCS, the package
tracker also links to sources.de
Hi Wouter,
sorry for the late reply but I think it's still relevant...
(just thus rather leaving almost full quote as context.)
On Thu, Jul 08, 2021 at 11:25:26AM +0200, Wouter Verhelst wrote:
> On Mon, Jul 05, 2021 at 12:31:10PM +, Holger Levsen wrote:
> > On Mon, Jul 05, 2021 at 02:09:36PM
On 2021-08-11 14:08 +0200, Hans wrote:
> And best: It is all GPL licensed,
It's all free software, but many licences are used, not just the GPL.
Wookey
--
Principal hats: Linaro, Debian, Wookware, ARM
http://wookware.org/
On Wed, Aug 11, 2021 at 04:08:13PM +0200, Vincent Bernat wrote:
> I think we have more systemic issues. I am quite impressed how Nix/NixOS
> is able to pull so many packages and modules with so few people. But
> they use only one workflow, one way to package, one init system, etc.
> Looking at Arch
❦ 11 August 2021 11:27 +02, Steffen Möller:
> I have no exact idea what to change, though. A rolling Debian would be
> cool, yes, but also a bit late when compared with environments that
> Conda offers or the ease that comes with multiple installations of conda
> to e.g. avoid name conflicts. If
On Tue, Aug 10, 2021 at 03:19:10PM -0700, Josh Triplett wrote:
>Bastien Roucariès wrote:
>> I am going to compile shell.efi from source.
>>
>> I wish to install to something stable, but I need an arch triplet in order
>> to
>> put in a multiarch (like) location.
>>
>> I suppose that it will be
On Wednesday, 11 August 2021, 13:34:27 CEST, Horler, Johannes wrote:
Hi Johannes,
every code of every debian package in debian/main is downloadable from the
repo.
You also get all needed stuff for the most used compiler and interpreter
languages, C, python, perl, lua, java, whatever you want
On Wed, Aug 11, 2021 at 11:34:27AM +, Horler, Johannes wrote:
> Dear Debian Team,
>
>
> hopefully I am writing this to the right email address. (In case I am
> not, I would be happy about being referred.) Recently I got interested in
> operating systems. Now I want to try to experiment with mo
On 8/11/21 7:34 AM, Horler, Johannes wrote:
Dear Debian Team,
hopefully I am writing this to the right email address. (In case I am
not, I would be happy about being referred.) Recently I got interested
in operating systems. Now I want to try to experiment with modifying one.
Is the complet
On 11/08/2021 at 13:34, Horler, Johannes wrote:
> Dear Debian Team,
>
>
> hopefully I am writing this to the right email address. (In case I am
> not, I would be happy about being referred.) Recently I got interested in
> operating systems. Now I want to try to experiment with modifying one.
>
Dear Debian Team,
hopefully I am writing this to the right email address. (In case I am not, I
would be happy about being referred.) Recently I got interested in operating
systems. Now I want to try to experiment with modifying one.
Is the complete source code of any Debian Version available so
On 11.08.21 08:46, Marc Haber wrote:
On Wed, 11 Aug 2021 01:09:29 -0400, Calum McConnell
wrote:
On Wed, 2021-08-11 at 00:51 +, Paul Wise wrote:
On Tue, Aug 10, 2021 at 5:38 PM Andrey Rahmatullin wrote:
"So, Arch Linux, one of the main reasons, there's a couple, but the
main
reason is t
On Tue, 10 Aug 2021 at 15:19:10 -0700, Josh Triplett wrote:
> Bastien Roucariès wrote:
> > I suppose that [EFI] will be x86_64-efi-none (or maybe x86_64-windows-efi
> > ) and
> > i686-uefi-none ?
It's certainly not x86_64-windows-efi. The EFI environment isn't Windows
(even though it borrows