Re: Cite for print-to-postscript exploit in Mozilla?

2004-07-09 Thread Alan Shutko
, also assuming there's no exploit in Xprint. That message is really about sending arbitrary Postscript files through interpreters. Mozilla doesn't produce arbitrary postscript with unsafe operators, unless there's an unpublished exploit to make it do so. -- Alan Shutko [EMAIL PROTECTED] - I am

Re: OT: Re: Media Hackers

2002-09-29 Thread Alan Shutko
Dale Amon [EMAIL PROTECTED] writes: Hmmm, now which one would that be for County Down, Northern Ireland? Depends on who you can afford, of course. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! cartridge. We should go metric every inch of the way. -- To UNSUBSCRIBE, email

Re: OT: Re: Media Hackers

2002-09-29 Thread Alan Shutko
Dale Amon [EMAIL PROTECTED] writes: Hmmm, now which one would that be for County Down, Northern Ireland? Depends on who you can afford, of course. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! cartridge. We should go metric every inch of the way.

Re: slapper countermeasures

2002-09-19 Thread Alan Shutko
. Machines which are vulnerable to viruses are likely also set up in rather interesting ways. Unless you had detailed knowledge of how it was set up, you might break things while disabling the virus. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Dedicated to better living through computers.

Re: slapper countermeasures

2002-09-18 Thread Alan Shutko
. Machines which are vulnerable to viruses are likely also set up in rather interesting ways. Unless you had detailed knowledge of how it was set up, you might break things while disabling the virus. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Dedicated to better living through computers

Re: glibc_2.2.5-9.woody.4.deb is missing

2002-07-18 Thread Alan Shutko
Marcel Weber [EMAIL PROTECTED] writes: Looks like a bug to me... Yes, it's bug #153445. glibc/locales have had a lot of problems like this recently. It'll probably be fixed as soon as the security team can get things recompiled. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors

Re: is acroread really affected by DSA-122 ?

2002-05-22 Thread Alan Shutko
Martin Quinson [EMAIL PROTECTED] writes: My question is to know how I can prove that it is affected, or if adobe was nice enough to use a correct version of the zlib. If you figure it out, check if Acrobat Reader 5.0.5 for Linux (just released) is also affected. -- Alan Shutko [EMAIL

Re: is acroread really affected by DSA-122 ?

2002-05-22 Thread Alan Shutko
Martin Quinson [EMAIL PROTECTED] writes: My question is to know how I can prove that it is affected, or if adobe was nice enough to use a correct version of the zlib. If you figure it out, check if Acrobat Reader 5.0.5 for Linux (just released) is also affected. -- Alan Shutko [EMAIL

Re: NFS, password transparency, and security

2002-04-07 Thread Alan Shutko
on untrusted nets, but I don't know how bad setup is. I suspect it's evil. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Ban the bomb. Save the world for conventional warfare. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL

Re: NFS, password transparency, and security

2002-04-07 Thread Alan Shutko
on untrusted nets, but I don't know how bad setup is. I suspect it's evil. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Ban the bomb. Save the world for conventional warfare. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL

Re: VI wrapper for SUDO? - another bad way ??

2001-12-04 Thread Alan Shutko
possible to implement, but Linus chose not to do so for security reasons. So you were both right. It is disabled, from the point of view of intentional nonimplementation. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Stay together, drag each other down.

Re: buffer overflow in /bin/gzip?

2001-11-21 Thread Alan Shutko
Andrew Suffield [EMAIL PROTECTED] writes: Albeit silly; you mean strdup() Unless you're restricted to C89. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Style may not be the answer, but at least it's a workable alternative. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED

Re: buffer overflow in /bin/gzip?

2001-11-21 Thread Alan Shutko
Andrew Suffield [EMAIL PROTECTED] writes: Albeit silly; you mean strdup() Unless you're restricted to C89. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! Style may not be the answer, but at least it's a workable alternative.

Re: chroot

2001-10-07 Thread Alan Shutko
all the time) they won't need a program like this sitting in the jail... this is just for educational purposes. Included is a script showing the breakout. Please ignore any blatant coding errors in this... I just whipped it up quickly and there are probably better ways to do all of this. -- Alan

Re: chroot

2001-10-07 Thread Alan Shutko
the time) they won't need a program like this sitting in the jail... this is just for educational purposes. Included is a script showing the breakout. Please ignore any blatant coding errors in this... I just whipped it up quickly and there are probably better ways to do all of this. -- Alan

Re: chroot

2001-10-04 Thread Alan Shutko
. And there's the way out mentioned in the chroot(2) manpage. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! I have not yet begun to byte! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: chroot

2001-10-04 Thread Alan Shutko
. And there's the way out mentioned in the chroot(2) manpage. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! I have not yet begun to byte!

Re: Mutt and inline gpg

2001-08-09 Thread Alan Shutko
Christian Kurz [EMAIL PROTECTED] writes: That option might help you very much, but instead I would suggest that the other MUA's get fixed. I'd like to see all mailers complying with RFC2822 first. -- Alan Shutko [EMAIL PROTECTED] - In a variety of flavors! If at first you don't succeed

Re: inetd questions

2001-07-31 Thread Alan Shutko
Nate Bargmann [EMAIL PROTECTED] writes: In particular, how critical are the internal services of echo, chargen, discard, daytime, and time. Completely and totally non-critical. In fact, I don't know if they're actually used by anything these days. -- Alan Shutko [EMAIL PROTECTED

Re: inetd questions

2001-07-31 Thread Alan Shutko
Nate Bargmann [EMAIL PROTECTED] writes: In particular, how critical are the internal services of echo, chargen, discard, daytime, and time. Completely and totally non-critical. In fact, I don't know if they're actually used by anything these days. -- Alan Shutko [EMAIL PROTECTED