* Peter Cordes
| There seems to be a lot of this going on. Is it possible to modify glibc
| so that it flags dangerous actions with stuff in /tmp?
You don't even have to modify glibc. You can have a small library
which you preload, and which puts itself in place of the functions you
want to
On Thu, Nov 23, 2000 at 05:50:06PM -0500, Daniel Burrows wrote:
> On Thu, Nov 23, 2000 at 06:35:54PM -0400, Peter Cordes <[EMAIL PROTECTED]>
> was heard to say:
> > > ghostscript uses temporary files to do some of its work. Unfortunately
> > > the method used to create those files wasn't secure: m
> I know, it's on the list of things to do. Since it's already in there it
> has a lower priority than fixing things that don't have a fix yet
> though.
That's cool, it hasn't been compiled for alpha yet either so I guess there's
still work to be done.
--
Jamie Heilman http://au
(I replied to the security announcement, and I didn't notice that
[EMAIL PROTECTED] wasn't the same thing as
debian-security@lists.debian.org, so I'm sending it here, where I meant to.)
> ghostscript uses temporary files to do some of its work. Unfortunately
> the method used to create those files
G'day Security Dudez,
I thought I would forward this email along in case you hear about it
from somewhere else and start to fret.
This bug was fixed in 3.6.24-3 and also some version of potato though
there hasn't been a security alert about it yet :/
So we're ok, if a little slow on telling peo
Hi,
I don't know which version you are using, but
I had this problem with apache 1.3.12.
Try adding directive
AddDefaultCharset off
in httpd.conf
I was not sure whether it works as global config or not, so I put
this line in every virtualhost directive too and the problem disappeared.
I made hard d
Hi!
It's not a security problem, but my apache doesn't want to show html
in iso requested in it's always received by browser as
iso-8859-1, but it's declared as iso-8859-2. Why is that? Default
char-table declared in config file is iso-8859-2. Can anyone help me?
If so, please send me a solution
In message <[EMAIL PROTECTED]>, Charles Goyard writes:
>Alex Pires de Camargo wrote:
>> I administer a network with server and clients Debian based,
>> and would like to know if I can solve this problem.
>> It's a little easy for a user to open a PC, damage the batteries,
>> boot with flo
... verify the recipient Luke before pressing the "send" button ;-)
"J-E.Schulz" wrote:
>
> Hi,
>
> as long as the server machines reside in a _really_
> restricted area (e.g. a machine room which may be
> physically accessed only by trusted staff members)
> You may have the chance to securely d
Previously Jamie Heilman wrote:
> The libnns-ldap 122-1 update made it into r1 without ever having an
> official Security Alert announcement, I dunno how big of a deal this is,
> but I figured I should dredge it up in case it needed to be addressed
> officially. Anyone?
I know, it's on the list of th
-- Original Message --
From: Pollywog <[EMAIL PROTECTED]>
Reply-to: Pollywog <[EMAIL PROTECTED]>
Date: Thu, 23 Nov 2000 03:51:21 + (UTC)
>
>On Wed, 22 Nov 100 22:11:33 -0500, tim said:
>
>>
>> Can someone provide a step by step procedure for configuri
On Thu, Nov 23, 2000 at 02:39:54PM +0100, Philippe Barnetche wrote:
> Hi,
>
> you can change the PAM attributes of "su", avoiding local root to get user
> account access. Of course, if your /etc is local, you'll still have the
> problem.
that would be very weak, if root could write to anywhere
Hi,
you can change the PAM attributes of "su", avoiding local root to get user
account access. Of course, if your /etc is local, you'll still have the
problem.
On Thu, 23 Nov 2000, Alex Pires de Camargo wrote:
> Hi!
> I administer a network with server and clients Debian based,
> and w
* Alex Pires de Camargo
| Is there anything I'm forgetting to make? On server I run
| potato, nis (not nis+), nfs-kernel-server.
There is an export-on-demand system, which makes the user authorize
himself via kerberos before his home directory is exported. I don't
remember the name, but I
Alex Pires de Camargo wrote:
> Hi!
> I administer a network with server and clients Debian based,
> and would like to know if I can solve this problem.
> It's a little easy for a user to open a PC, damage the batteries,
> boot with floppy and login as root in a client. But one thi
On Wed, Nov 22, 2000 at 10:11:33PM -0500, tim wrote:
> I am trying to set up iptables so that I can MASQUERADE my other boxes with
> private IPs.
> I have a DSL connection with a fixed IP.
>
> Ran iptables-1.1.2's make patch-o-matic
> Recompiled the kernel 2.4.0test11 netfilter enabled.
> "I am n
Hi!
I administer a network with server and clients Debian based,
and would like to know if I can solve this problem.
It's a little easy for a user to open a PC, damage the batteries,
boot with floppy and login as root in a client. But one thing is
undesirable. He can do su - a
The libnns-ldap 122-1 update made it into r1 without ever having an
official Security Alert announcement, I dunno how big of a deal this is,
but I figured I should dredge it up in case it needed to be addressed
officially. Anyone?
--
Jamie Heilman http://audible.transient.net/~jam