Am 12.02.2017 um 18:54 schrieb David Craven:
> If an attacker already has the privileges required to start the software
> I don't think it's possible to gain any more privileges unless that software
> has the setuid bit set.
You are right. I implicitly made some assumptions like setuid bit set.
N
On 17-02-12 14:37:53, Ludovic Courtès wrote:
> ng0 skribis:
>
> > On 17-02-11 15:31:15, Ludovic Courtès wrote:
> >> ng0 skribis:
>
> [...]
>
> >> > As far as I know right now, it does not have any graphical features or
> >> > dependencies.
> >> >
> >> > mumble:murmur -> total: 1072.6 MiB
> >>
"pelzflorian (Florian Pelz)" skribis:
> On 02/12/2017 06:01 PM, Hartmut Goebel wrote:
>> Am 12.02.2017 um 15:37 schrieb David Craven:
>>> I think that it is a minor
>>> issue at best, since anything that isn't accessible over the network or
>>> running
>>> with any sort of privileges is not very
Hi Hartmut,
Sorry for my snide remark...
>> This hypothetical attacker is trying to escalate privileges. I don't
>> see how starting an unprivileged process would help with that.
>
> Well, simply by an exploiting a bug in that software. This is a quite
> common case :-)
It is my understanding th
On 02/12/2017 06:01 PM, Hartmut Goebel wrote:
> Am 12.02.2017 um 15:37 schrieb David Craven:
>> I think that it is a minor
>> issue at best, since anything that isn't accessible over the network or
>> running
>> with any sort of privileges is not very useful.
>
> I strongly disagree!
>
> Every p
Am 12.02.2017 um 15:37 schrieb David Craven:
> I think that it is a minor
> issue at best, since anything that isn't accessible over the network or
> running
> with any sort of privileges is not very useful.
I strongly disagree!
Every piece of software available on the system may the intruder. T
> You read too much between the lines in my words.
> I'm not counting on the certifications of Harmut. I simply agree with
> the reasoning that no client and server should be combined if possible
> to limit the attack surface. That's all.
That may be true. It was my intention to back Ludo. I thin
On 17-02-12 14:57:05, David Craven wrote:
> > Okay. I prefer to wait for the outcome of the discussion around
> > server+client merging. I'm in favor of separating for the reasons Harmut
> > mentioned.
>
> This is a free software community. Anyone that needs to assert his authority
> with external
> Okay. I prefer to wait for the outcome of the discussion around
> server+client merging. I'm in favor of separating for the reasons Harmut
> mentioned.
This is a free software community. Anyone that needs to assert his authority
with external certifications rather than actions and sound reasonin
On 17-02-12 14:37:53, Ludovic Courtès wrote:
> ng0 skribis:
>
> > On 17-02-11 15:31:15, Ludovic Courtès wrote:
> >> ng0 skribis:
>
> [...]
>
> >> > As far as I know right now, it does not have any graphical features or
> >> > dependencies.
> >> >
> >> > mumble:murmur -> total: 1072.6 MiB
> >>
ng0 skribis:
> On 17-02-11 15:31:15, Ludovic Courtès wrote:
>> ng0 skribis:
[...]
>> > As far as I know right now, it does not have any graphical features or
>> > dependencies.
>> >
>> > mumble:murmur -> total: 1072.6 MiB
>> > mumble:out-> total: .2 MiB
>>
>> And what about the total
On 17-02-11 15:31:15, Ludovic Courtès wrote:
> ng0 skribis:
>
> > On 17-02-10 22:54:21, Marius Bakke wrote:
> >> ng0 writes:
> >>
> >> > On 17-02-09 23:50:02, Ludovic Courtès wrote:
> >> >> ng0 skribis:
> >> >>
> >> >> > On 17-02-09 17:50:04, Ludovic Courtès wrote:
> >> >> >> Hi ng0!
> >> >>
ng0 skribis:
> On 17-02-10 22:54:21, Marius Bakke wrote:
>> ng0 writes:
>>
>> > On 17-02-09 23:50:02, Ludovic Courtès wrote:
>> >> ng0 skribis:
>> >>
>> >> > On 17-02-09 17:50:04, Ludovic Courtès wrote:
>> >> >> Hi ng0!
>> >> >>
>> >> >> contact@cryptolab.net skribis:
>> >> >>
>> >> >>
On 17-02-10 22:54:21, Marius Bakke wrote:
> ng0 writes:
>
> > On 17-02-09 23:50:02, Ludovic Courtès wrote:
> >> ng0 skribis:
> >>
> >> > On 17-02-09 17:50:04, Ludovic Courtès wrote:
> >> >> Hi ng0!
> >> >>
> >> >> contact@cryptolab.net skribis:
> >> >>
> >> >> > This patch adds an propose
ng0 writes:
> On 17-02-09 23:50:02, Ludovic Courtès wrote:
>> ng0 skribis:
>>
>> > On 17-02-09 17:50:04, Ludovic Courtès wrote:
>> >> Hi ng0!
>> >>
>> >> contact@cryptolab.net skribis:
>> >>
>> >> > This patch adds an proposed change to mumble, murmur as an output.
>> >>
>> >> I’m reluct
On 17-02-09 23:50:02, Ludovic Courtès wrote:
> ng0 skribis:
>
> > On 17-02-09 17:50:04, Ludovic Courtès wrote:
> >> Hi ng0!
> >>
> >> contact@cryptolab.net skribis:
> >>
> >> > This patch adds an proposed change to mumble, murmur as an output.
> >>
> >> I’m reluctant to “non-standard” outp
ng0 skribis:
> On 17-02-09 17:50:04, Ludovic Courtès wrote:
>> Hi ng0!
>>
>> contact@cryptolab.net skribis:
>>
>> > This patch adds an proposed change to mumble, murmur as an output.
>>
>> I’m reluctant to “non-standard” outputs like this. The reason for
>> multiple outputs should be to r
On 17-02-09 17:50:04, Ludovic Courtès wrote:
> Hi ng0!
>
> contact@cryptolab.net skribis:
>
> > This patch adds an proposed change to mumble, murmur as an output.
>
> I’m reluctant to “non-standard” outputs like this. The reason for
> multiple outputs should be to reduce the closure size fo
Hi ng0!
contact@cryptolab.net skribis:
> This patch adds an proposed change to mumble, murmur as an output.
I’m reluctant to “non-standard” outputs like this. The reason for
multiple outputs should be to reduce the closure size for standards
uses. What do we gain by not included murmurd in
contact@cryptolab.net writes:
> This patch adds an proposed change to mumble, murmur as an output.
> Murmur is the server of mumble. I tried to use an inherit package first, but
> the amount of code for the minor difference between mumble and murmur is not
> worth the length of a new packag
20 matches
Mail list logo