Re: DSA concerns for jessie architectures

Samuel Thibault, le Sun 30 Jun 2013 11:38:33 +0200, a écrit : > > lack of firewall support. > > Now that we use a userland driver for networking, it should be easy to > interpose at least a simple BPF filter, I have added the task here: > > https://savannah.gnu.org/task/index.php?12723 > > debia

hurd_20130727-1_hurd-i386.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 27 Jul 2013 22:37:17 + Source: hurd Binary: hurd-libs0.3 hurd hurd-dev hurd-dbg hurd-doc hurd-libs0.3-udeb hurd-udeb Architecture: source hurd-i386 all Version: 20130727-1 Distribution: unstable Urgency: low

Processing of hurd_20130727-1_hurd-i386.changes

hurd_20130727-1_hurd-i386.changes uploaded successfully to localhost along with the files: hurd_20130727-1.dsc hurd_20130727.orig-devnode.tar.bz2 hurd_20130727.orig-eth-filter.tar.bz2 hurd_20130727.orig-eth-multiplexer.tar.bz2 hurd_20130727.orig-libbpf.tar.bz2 hurd_20130727.orig-libdde-

Dropping privileges in various translators

Hi folks :) this is a patch series adding setnullauth () to libshouldbeinlibc and demonstrating its use for dropping unix privileges in the null and tmpfs translators. A nullauth utility is provided to start arbitrary programs without any privileges. This can be used to run the translator on /dev/

[PATCH 4/4] utils: add nullauth utility

nullauth drops all authentication credentials and runs the given program. This is also useful to drop privileges on behalf of translators that do not need any credentials in some circumstances, e.g. % settrans -ap /hurd/nullauth -- /hurd/storeio -Tzero makes storeio run without any credentials.

[PATCH 2/4] trans: drop privileges in the null translator

* trans/null.c (main): Drop privileges. --- trans/null.c |5 + 1 file changed, 5 insertions(+) diff --git a/trans/null.c b/trans/null.c index 1f985b3..8b3b4e0 100644 --- a/trans/null.c +++ b/trans/null.c @@ -31,6 +31,7 @@ #include #include #include +#include  const char *argp_pr

[PATCH 1/4] libshouldbeinlibc: Add nullauth.{c,h}

setnullauth () obtains an empty authentication handle and uses it for further authentication purposes. This effectively drops all Unix privileges. * libshouldbeinlibc/nullauth.c: New file. * libshouldbeinlibc/nullauth.h: Likewise. * libshouldbeinlibc/Makefile: Add nullauth.{c,h}. --- libshouldbe

[PATCH 3/4] tmpfs: drop privileges in the tmpfs translator

* tmpfs/tmpfs.c (main): Drop privileges. --- tmpfs/tmpfs.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/tmpfs/tmpfs.c b/tmpfs/tmpfs.c index 7da3dd5..1872a7d 100644 --- a/tmpfs/tmpfs.c +++ b/tmpfs/tmpfs.c @@ -29,6 +29,7 @@ the Free Software Foundation, 675 Mass Ave, Cambridge, MA 0