Re: [Full-disclosure] New Opera 11.51 PoC Denial of Service (pigtail23)

2011-10-22 Thread Maksymilian Arciemowicz
Stack exhaustion. It seems to be a recursion problem for basic regular expressions. The same or similar problem exists in PCRE 8.12, allowing crashes of multiple applications.

cx@cx64:/www$ cat crash0.php
cx@cx64:/www$ php crash0.php
Segmentation fault

or

[Full-disclosure] jara 1.6 sql injection vulnerability

2011-10-22 Thread muuratsalo experimental hack lab
jara 1.6 sql injection vulnerability
download: http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip
author: muuratsalo
contact: muuratsalo[at]gmail.com
exploit: http://localhost/jara/view.php?id=[SQL Injection]

[Full-disclosure] [ MDVSA-2011:160 ] krb5

2011-10-22 Thread security
Mandriva Linux Security Advisory MDVSA-2011:160
http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2011:159 ] krb5

2011-10-22 Thread security
Mandriva Linux Security Advisory MDVSA-2011:159
http://www.mandriva.com/security/

[Full-disclosure] [ GLSA 201110-19 ] X.Org X Server: Multiple vulnerabilities

2011-10-22 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 201110-19
http://security.gentoo.org/

Re: [Full-disclosure] R: Re: Symlink vulnerabilities

2011-10-22 Thread Byron Sonne
> Sorry for the top posting.

No, top posting is the *correct* way to do things, which most people on this list don't seem to realize. Instead they quote *everything* and then respond on the bottom. Yikes.

> In fedorable distro Almost pam namespace can do this. It was born from
> a selinux project

[Full-disclosure] [ GLSA 201110-18 ] rgmanager: Privilege escalation

2011-10-22 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201110-18
http://security.gentoo.org/

[Full-disclosure] [ GLSA 201110-17 ] Avahi: Denial of Service

2011-10-22 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 201110-17
http://security.gentoo.org/

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-22 Thread Maksymilian Arciemowicz
On 10/22/2011 11:14 AM, full-disclosure-requ...@lists.grok.org.uk wrote:
> If you had your way, would you see it implemented as /tmp/
> //tmp, or some other way?

per_user_tmp=yes ?

http://www.feyrer.de/NetBSD/bx/blosxom.cgi/index.front?-tags=tmp

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-22 Thread bugs
I apologize as my search wasn't a complex method, just a quick grep for signs of /tmp misuse. Indeed creating a directory under /tmp is a safe way to handle tmp files.

> b...@fbi.dhs.org wrote:
>>
>> bashbug:
>>
>> /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
>>
>> Maybe I should use bashbug to report

Re: [Full-disclosure] Google Chrome pkcs11.txt File Planting

2011-10-22 Thread Mitja Kolsek
Hi Chris, You're right: File browse dialogs change the CWD and this contributes essentially to the exploitability of the bug in question. While it's possible to prevent these dialogs from *keeping* the CWD where the user OK'ed a selected file/folder (see http://www.binaryplanting.com/guidelines

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-22 Thread Tavis Ormandy
b...@fbi.dhs.org wrote:
>
> bashbug:
>
> /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
>
> Maybe I should use bashbug to report a bug in bashbug?
>

I took a quick look, it's actually using mkdir to create a temporary directory in /tmp, which it uses for collecting support files. This is actually a

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-22 Thread Michal Zalewski
> Actually, no; per user /tmp could only be accomplished, without a major
> redesign and without breaking almost every application

[citation needed] ;-)

Only a fraction of apps uses /tmp... vendors can fix their own distros: grepping for "/tmp" isn't complicated, and almost every package usually

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-22 Thread James Condron
On 22 Oct 2011, at 07:06, Raj Mathur (राज माथुर) wrote:
>
>
> At first sight, the best option from that point of view seems to be a
> per-user tmp under /tmp/$USER/ and mount /tmp noexec, nosuid. If you
> choose the ~$USER/tmp option, you'll probably have to do some userfs
> jugglery to achi