This is not SPAM

2011-05-08 Thread Boyd Stephen Smith Jr.
s. If you want to help a little bit, you can "bounce" or "redirect" SPAM message to report-listspam@lists.d.o. If you want to help a lot, writing spamassassin or protfix rules that match the SPAM and communicating that to the list admins could h

Re: aptitude upgrade vs. apt-get upgrade

2011-04-01 Thread Boyd Stephen Smith Jr.
you want to revert some or all of these marked/scheduled changes, I recommend starting aptitude in interactive mode (aptitude). -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'

Re: some feedback about security from the user's point of view

2011-01-23 Thread Boyd Stephen Smith Jr.
nclusion of this, the highest level of security with which I and many >> others can obtain debian *in practice* is plain http. I disagree with that assertion. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM:

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-11 Thread Boyd Stephen Smith Jr.
On Monday, October 11, 2010 17:18:34 you wrote: >On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote: >>> Anyone else perceive this situation as being a bit sub-optimal from >>> the security perspective? >> >> No. > >Interesting. Do you happen to run any su

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-11 Thread Boyd Stephen Smith Jr.
>CPU. It's been available in the 2.6 kernel, and shipped in MS Windows, >since 2004. MS Windows also defaults to PAE. >What can be done to not disable page protections in the default kernel? Enable PAE. From what I understand, the features are not separable in the i386

Re: What's up with the git-core package?

2010-10-01 Thread Boyd Stephen Smith Jr.
ted since last time I researched the issue. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: Th

Re: About how to protect network resources in LDAP environment?

2010-08-29 Thread Boyd Stephen Smith Jr.
On Saturday, August 28, 2010 20:29:50 you wrote: >On Sat, Aug 28, 2010 at 3:08 AM, Boyd Stephen Smith Jr. > wrote: >> In <4c77f5ca.6030...@gmail.com>, Min Wang wrote: >>>(1) does this approach >>> >>>prevent user1-> root ( su-> ) user2?

Re: About how to protect network resources in LDAP environment?

2010-08-28 Thread Boyd Stephen Smith Jr.
er, network applications that use the gssapi (or other Kerberos methods) will require credentials granted by the Kerberos system in order to take action as a Kerberos user. Old-style NFS mostly trusts the local system to identify the user, which is why it is mostly only secure if

Re: Upcoming lenny point release

2010-08-25 Thread Boyd Stephen Smith Jr.
profile.d drwxr-xr-x 2 root root 48 2007-07-26 15:36 /etc/profile.d If someone can write to that directory, they have root. If they have root, you are already in trouble. Also: Patches Welcome. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net

Re: Upcoming lenny point release

2010-08-25 Thread Boyd Stephen Smith Jr.
ing from someone that doesn't know what they are talking about. NB: Yes, patches from Ubuntu (in general) and Canonical employees (in specific) can and are accepted, but they aren't given preferential treatment. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.

Re: Debian 6.0 "Squeeze" frozen

2010-08-06 Thread Boyd Stephen Smith Jr.
..@debian.org >August 6th, 2010 http://www.debian.org/News/2010/20100806 > I'm wondering if this means Squeeze will soon be receiving the same level of support of the security team as Lenny currently

Re: Debian 4.0 Upgrade Path

2010-01-21 Thread Boyd Stephen Smith Jr.
matic migration from unstable. I've been watching debian-security-announce and debian-announce and I haven't seen the security team claim full support for Squeeze, yet, but I could have missed it. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net

Re: ipv6 and security.debian.org

2010-01-13 Thread Boyd Stephen Smith Jr.
; issue if nothing works. (Ping would be ok, but large TCP downloads would > flake out.) IPv6 uses path MTU detection. Unless you have something seriously screwy with your setup, MTUs (above the minimum) should not be an issue with IPv6. -- Boyd Stephen Smith Jr.

Re: Upcoming Lenny point release

2009-09-04 Thread Boyd Stephen Smith Jr.
On Friday 04 September 2009 14:30:00 Jacques Lav!gnotte wrote: > Le Fri, 4 Sep 2009 10:25:38 +0100, > > "Adam D. Barratt" a écrit : > > X-Mailer: Microsoft Outlook Express 6.00.2900.5843 <-- Huh... > > Is that a joke ? Some people don't get to choose

Re: HEAD's UP: possible 0day SSH exploit in the wild

2009-07-10 Thread Boyd Stephen Smith Jr.
rnet cafe) . I know, you have not connect to >> your network from insecure computers, but sometimes you have not the >> choice. > >But yes, you don't want to get Kerberos tickets on an insecure system. I thought tickets only lasted for a small period of time, and could be ex

Re: Screensaver in KDE 4.2

2009-06-13 Thread Boyd Stephen Smith Jr.
In <87ws7gavpe@mid.deneb.enyo.de>, Florian Weimer wrote: >* Boyd Stephen Smith, Jr.: >> In <200906101232.13509.zarl...@gmx.at>, Johannes Zarl wrote: >>> when my screen is locked (either via Ctrl-Alt-L or via time-delay in >>> the screensaver itself), o

Screensaver in KDE 4.2 (was: Random questions about KDE4.2)

2009-06-10 Thread Boyd Stephen Smith Jr.
" and then the screensaver would blank the screen and begin drawing. That wasn't enough to concern me. If you can see the unprotected desktop for enough time to take a digital photo, it could result in a compromise. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanas

Re: Recommend good IDS? was Re: /dev/shm/r?

2009-06-03 Thread Boyd Stephen Smith Jr.
run on >internet facing servers. I inherited a tripwire installation at some point. It was one mail message per day (and if you didn't get that message you knew something was wrong). It required a bit of tuning to not report errors regularly, but once I spent that time it was

Re: Debian suggestion on File Deletion

2009-06-01 Thread Boyd Stephen Smith Jr.
I actually prefer the current archive format over gmane, but I (probably) would notice much if it changed. > > >Or at least allow noindex tags inside posts. HTML isn't allowed by the Code of Conduct, so "noindex tags" don't make sense. -- Boyd Stephen

Re: How safely to stop using backports repo?

2009-05-29 Thread Boyd Stephen Smith Jr.
kages" only contains packages with NO available versions. So, this will catch packages that are not in stable that were backported, but it wouldn't catch packages that are in stable but have a newer version in backports. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@

Re: How safely to stop using backports repo?

2009-05-29 Thread Boyd Stephen Smith Jr.
.. Well, I think it is backports policy to always have ~bpo in their version. See http://www.backports.org:80/dokuwiki/doku.php?id=contribute "Basic Rule" 4. It both identifies the package and ensures that the version in testing is considered 'higher

Re: [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure

2009-03-13 Thread Boyd Stephen Smith Jr.
On Friday 13 March 2009 15:58:15 Florian Weimer wrote: > For the stable distribution (etch), this problem has been fixed in > version 2.9.5-2+lenny1. Of course, that is a typo. The current stable distribution is Lenny. -- Boyd Stephen Smith Jr. ,= ,-_-

Re: Exploit in Upgrade Chain?

2009-02-12 Thread Boyd Stephen Smith Jr.
> Any > suggestions, other than a complete disk wipe on both machines? In any case, > where would I go for a trusted rebuild, if there truly is a saboteur in the > ranks of the Debian maintainers? I'm forwarding to debian-security; perhaps they will have s

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
then mount -o bind /home/var /var/tmp to get what you are after. In any case, dpkg installed suid binaries do get scrubbed after they aren't in use, so you only have to worry about suid binaries you've created yourself. -- Boyd Stephen Smith Jr. ,= ,-_-.

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 15:49:46 Repasi Tibor wrote: >Boyd Stephen Smith Jr. wrote: >> On Friday 2009 January 16 13:03:53 you wrote: >>> Boyd Stephen Smith Jr. wrote: >>>> What about hardlinking the suid-root binaries to a hidden location, >>>> waiting

Re: basic security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
u'll only manage breaking the sharing. > >|| FreeBSD at least IIRC prevents this, Text File Busy/Text File In Use >|| error. As does Linux (openSUSE): $ sudo /bin/sh -c '> /opt/kde3/bin/kget' /bin/sh: /opt/kde3/bin/kget: Text file busy -- Boyd Stephen Smith Jr.

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 14:45:44 Michael Loftis wrote: >--On January 16, 2009 7:29:13 PM +0100 Johannes Wiedersich > wrote: >> Boyd Stephen Smith Jr. wrote: >>> What about hardlinking the suid-root binaries to a hidden location, >>> waiting for a security ho

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
On Friday 2009 January 16 12:29:13 Johannes Wiedersich wrote: >Boyd Stephen Smith Jr. wrote: >> What about hardlinking the suid-root binaries to a hidden location, >> waiting for a security hole to be found/fixed, and then running the old >> binary to exploit the hole? >

Re: basically security of linux

2009-01-16 Thread Boyd Stephen Smith Jr.
e from trusted sources for this reason. What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running the old binary to exploit the hole? Does dpkg handle suid/sgid files so that this is prevented? -- Boyd Stephen Smith Jr.

Re: I need to see open connections this moment - With Iptables i can only see logs

2008-12-09 Thread Boyd Stephen Smith Jr.
s already mentioned, I've also seen iptraf used a bit. -- Boyd Stephen Smith Jr. ,= ,-_-. =. [EMAIL PROTECTED] ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/ si