On Mon, Dec 11, 2006 at 05:26:01PM +, Tavis Ormandy wrote:
> On Sat, Dec 09, 2006 at 04:01:30PM +0100, Timothy Redaelli wrote:
> > can't fix rpath, application check its checksum
> >
>
> This looks like a serious security issue, attempting to scan a file
> nam
On Sat, Dec 09, 2006 at 04:01:30PM +0100, Timothy Redaelli wrote:
> can't fix rpath, application check its checksum
>
This looks like a serious security issue, attempting to scan a file
named `liblnxfv.so.4` in the cwd will execute arbitrary code (by
installing a constructor in the dso, for examp
On Sun, Nov 12, 2006 at 08:59:03PM +0500, Anatoly Shipitsin wrote:
> >> Use abstract depend provide by same packages and set hardcoded depend
> >> provided by one package (nano) is right?
> >
> >No, is not right.
> >
> But why it's not need change? I'm talk not only sudo.
I dont know about the oth
On Sun, Nov 12, 2006 at 08:17:18PM +0500, Anatoly Shipitsin wrote:
> >
> >Talking specifically about sudo, I think you're making a big deal out of
> >a very minor thing, primarily because I cannot think of a sane example
> >of when $EDITOR and $VISUAL are not set and visudo (which requires an
> >in
On Sun, Nov 12, 2006 at 08:38:52PM +0500, Anatoly Shipitsin wrote:
> >I'm think if we set hardcoded editor nano at configure in sudo,ebuild its
> >> should DEPEND at nano editor not virtual/editor.
> >
> >Then you would be wrong.
> >
>
> Use abstract depend provide by same packages and set hardcod
On Sun, Nov 12, 2006 at 09:29:48AM -0600, Mike Doty wrote:
> then fcron(or whatever package this is from) is *broken*
Either that, or you dont know what it does.
Thanks, Tavis.
--
-
[EMAIL PROTECTED] | finger me for my pgp key.
---
On Sun, Nov 12, 2006 at 06:21:56PM +0500, Anatoly Shipitsin wrote:
> >This question is nonsensical. I guess you dont understand what sudo
> >does, it's too complicated to explain here, you should consult the
> >documentation.
>
> I'm told about emerge package not runtime. May you don't understand
On Sun, Nov 12, 2006 at 04:21:21PM +0300, Peter Volkov (pva) wrote:
> On Sun, 2006-11-12 at 12:15 +0000, Tavis Ormandy wrote:
> > The only `hardcoded` editor is the fallback editor for
> > visudo
>
> And this is the problem I'm talking about. I do not see any reasons
On Sun, Nov 12, 2006 at 04:30:48PM +0500, Anatoly Shipitsin wrote:
> >You can set `Defaults env_keep=EDITOR` in your sudoers file if you want,
> >or what I do is `Defaults:%wheel !env_reset`, to allow users in group
> >wheel to use sudo without the environment being scrubbed.
> >
>
> Ok. How you p
On Sun, Nov 12, 2006 at 02:32:56PM +0300, Peter Volkov (pva) wrote:
> On Sun, 2006-11-12 at 11:06 +0000, Tavis Ormandy wrote:
> > You can set `Defaults env_keep=EDITOR` in your sudoers file if you
> > want, or what I do is `Defaults:%wheel !env_reset`, to allow users in
> > gr
On Sun, Nov 12, 2006 at 12:27:12PM +0300, Peter Volkov (pva) wrote:
> work[3,4] (yes... if EDITOR is not set). But EDITOR *is not* set when
> program is started from sudo because sudo for security reasons drops
> environment (are there any other cases when environment is dropped?).
You can set `De
On Thu, Apr 27, 2006 at 02:21:38PM -0400, A. Khattri wrote:
> ## This software may be freely copied, modified and redistributed
> ## without fee for non-commerical purposes provided that this license
> ## remains intact and unmodified with any distribution.
>
> Last time I looked, there were some
On Sat, Nov 26, 2005 at 12:50:30PM -0500, Ned Ludd wrote:
> I'm in favor of it enabled per default but I'd like to know what you
> think and why. (advantages of on/off by default etc..)
>
This should definitely be enabled by default, we dont need to enable
debugging information for this to be use
--On Monday, September 05, 2005 14:41:45 +0900 Georgi Georgiev
<[EMAIL PROTECTED]> wrote:
> key sequence works fine with my slang-linked mutt, but it
> does not with a ncurses-linked mutt. I am aware what Control-S is
> supposed to do historically.
stty stop undef
--
--
--On Monday, August 22, 2005 08:18:42 +0100 Tavis Ormandy
<[EMAIL PROTECTED]> wrote:
>
>
> --On Monday, August 22, 2005 00:21:16 + Renat Lumpau <[EMAIL PROTECTED]>
> wrote:
>
>> On Mon, Aug 22, 2005 at 12:08:00AM +0100, Ciaran McCreesh wrote:
>>&
--On Monday, August 22, 2005 00:21:16 + Renat Lumpau <[EMAIL PROTECTED]>
wrote:
> On Mon, Aug 22, 2005 at 12:08:00AM +0100, Ciaran McCreesh wrote:
>> Thanks. The other useful one is to see whether it does 256 colours
>> properly like real xterm does. The following bash script, when run with
--On Monday, June 20, 2005 07:34:11 +0300 Rumen Yotov <[EMAIL PROTECTED]>
wrote:
> Hi,
> Recently began using flawfinder& rats and they're working (logging
> things). For now don't have time to look at the logs (beside *me* needing
> more time to check them), so is there some place/person which
17 matches
Mail list logo