Дана 24/08/09 09:27AM, UDENIX написа:
> Sorry for spamming both lists, I was very concerned about this vulnerability
> as many programs I use make use of web interfaces that run locally, such as
> Syncthing.
Syncthing phones home to the global server, in addition to doing
essentially what cron(8)
On 08/08/2024 19:44, UDENIX wrote:
https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
I wonder if the sandboxing of Chromium and Firefox on OpenBSD will
prevent it from being affected by this vulnerability.
If you can open LAN
Give aide a try. It isn't exactly a security(8) replacement but it is
fine for detecting filesystem changes.
chrootkit and rkhunter are also fine for detecting suspicious activity
and tracking critical filesystem changes, but adapting them to your
environment might take some work.
On Sat, Jul 20, 2024 at 03:11:08PM -0400, Allan Streib wrote:
> I am guessing that many of us also manage linux systems, is anyone
> aware of a port or adaptation of security(8) for linux, specifically
> Ubuntu or Debian distributions?
The closest thing I'm familiar with is t
I am guessing that many of us also manage linux systems, is anyone
aware of a port or adaptation of security(8) for linux, specifically
Ubuntu or Debian distributions?
Allan
Alfredo Ortega writes:
> Hi! Sorry if this is not the appropriate list to share openbsd-related
> projects (perhaps it was misc?)
>
> I want to inform you about this project about using LLMs to inject
> thousands of security checks into the OpenBSD kernel automatically.
>
>
This thread is now closed, please don't try to continue it.
- todd
If I'm explaining security or lack of security, or saying things like "this
is not enough", it's not as part of a speech that's meant to whine. I'll
explain: I could've just asked, in my first message, whether OpenBSD has a
mechanism like Ctrl-Alt-Delete on Win
1.- Are you worried about the fact that apps on X11 may suffer
Emphasis on "may".
> input-spoofing? Great, start writing all the code necessary to prevent
> that from happening and help us improve the security of OpenBSD and any
> other OS that uses X11.
There's already ro
ll the code necessary to prevent
that from happening and help us improve the security of OpenBSD and any
other OS that uses X11.
Coming here and saying that we are not attentive to security and that
is why we "HAVE" to do something, is utter idiocy. Start doing
something yourself, if you wan
On Wednesday, March 27, 2024, Dan wrote:
> Hello, I have 3 security-related questions:
> (1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure
> Attention Key, or SAK) to prevent malware (or a website in fullscreen, for
> example) from faking a logout process and
On Saturday, March 30, 2024, hahahahacker2009
wrote:
> Vào Th 7, 30 thg 3, 2024 vào lúc 11:19 Dan đã
> viết:
>
> >>
> >>
> >> > I've looked at the
> >> > source code and issue tracker of upstream Firefox in the past and it
> has
> >> > upstream support for pledge(2) and unveil(2).
> >>
> >> Gr
On Saturday, March 30, 2024, hahahahacker2009
wrote:
> Vào Th 6, 29 thg 3, 2024 vào lúc 07:40 Dan đã
> viết:
>
> > This only lists third-party packages that have an OpenBSD
> ports-originated addition of pledge/unveil configuration files; packages
> that use pledge/unveil without configuration
James Huddle :
> I live in post-2016 USA and have essentially given up hope of any sort of
> computer security.
Personal thought and from USA where the core of private data business resides.
Due to different reasons and the env I work in I results attacked very often
under OpenBSD
iltrator (or Exfiltration,
'ex'+10) about a year ago. LOL.
I actually did not know about the vulnerability. Thanks, Matthew.
And yes, I was voicing the untested theory of precisely what you
articulated, Luke.
I live in post-2016 USA and have essentially given up hope of any sort of
compu
Replying now to cho...@jtan.com:
>[…] any
>application which uses the X server (ie. can access the tcp port
>or unix socket and has the correct xauth key […]
The default PF configuration blocks access to the ports, but only on
non-loopback interfaces.
https://github.com/openbsd/src/blob/master/etc/
(Note for everyone: This message is intended to shame a troll; if you're
here to follow the technical discussion only, feel free to skip reading
this message.)
~ | ~ | ~ | ~ | ~ | ~
On Friday, March 29, 2024, Jan Stary wrote:
> > > > (The person
> > > > you're replying to should be in the To fi
Luke A. Call writes:
>
> On 2024-03-29 09:01:07-0400, James Huddle wrote:
> > Exfiltrator. There's an 11-letter word that starts with "ex". X11.
>
> After a quick web search, I'm not sure I follow. Is that a reference to
> a program that exfiltrates data after a computer is compromised? Can yo
> >
> > I'm no X expert, but I think what you are saying is technically correct
> > across users, but I believe it is possible for one application to
> > sniff the keystrokes input to another app running under the *same* user, at
> > least, and under different user
;m no X expert, but I think what you are saying is technically correct
> across users, but I believe it is possible for one application to
> sniff the keystrokes input to another app running under the *same* user, at
> least, and under different users in the same X session depending on how
&
not an X11 expert, and I'm not sure if the example provided in the
> > following link is because the program and the desktop it's running under
> > have different UIDs (rather than locking the desktop, logging into a
> > different user with a new desktop session using a SAK l
ng under the *same* user, at
least, and under different users in the same X session depending on how
they connect. Specifically:
1) Under `man xterm' in the "SECURITY" section it says some related
things that sound like that is what they are saying. I can't elaborate
on
On Thu, Mar 28, 2024 at 09:16:45PM +, Dan wrote:
> You didn't "Reply All", so I didn't get your reply in my inbox. (The person
> you're replying to should be in the To field, and the mailing list in the
> Cc field.)
OH PUH-LEEZE.
No.
You send to a mailing list, people are supposed to reply
Hello,
when I read posts like @Dan's, I say to myself: Don't feed the troll.
Pointless.
Wish you all a nice weekend,
Heinz
Gesendet: Donnerstag, 28. März 2024 um 23:02 Uhr
Von: "Jan Stary"
An: misc@openbsd.org
Betreff: Re: Security questions: Login spoofing,
esktop, logging into a
> different user with a new desktop session using a SAK like Ctrl-Alt-Delete,
> and running it there), but I found this old blog post, by whom I believe is
> the founder of Qubes OS, being cited somewhere:
> https://theinvisiblethings.blogspot.com/2011/04/linux-secu
not in the mailing list world I've been using for close to 30 years
if you post to the mailing list I reply to the mailing list
On March 28, 2024 3:16:45 PM MDT, Dan wrote:
>You didn't "Reply All", so I didn't get your reply in my inbox. (The person
>you're replying to should be in the To fiel
, by whom I believe is
the founder of Qubes OS, being cited somewhere:
https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
It is common knowledge that X11 is insecure by design, not (only) by the
ancient code, so even if the blog post isn't relevant anym
res this key
> combination and takes over with a real login prompt that malware can't fake
> without first defeating the OS security.
Any X11 program can display a screen that looks like the login screen.
Even on windows; this has nothing to do with intercepting ctrl-alt-del.
>
Awesome, blacklists are still affordable at time word of mouth!
We got up too eatly today, take a nap like everyone do and care about your
dears..
-Dan
Mar 27, 2024 11:51:32 hahahahacker2009 :
> -- Forwarded message -
> From: Mihai Popescu
> Date: Th 7, 24 thg 2, 2024 vào l
Hello, I have 3 security-related questions:
(1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure
Attention Key, or SAK) to prevent malware (or a website in fullscreen, for
example) from faking a logout process and/or faking a login prompt? On
Windows the kernel ensures that
-- Forwarded message -
From: Mihai Popescu
Date: Th 7, 24 thg 2, 2024 vào lúc 08:15
Subject: Re: If you need to gamify...
To:
Captain Warez, Sir,
This list has already its share of spam and i think it doesn't need
yours. Some of us are reading messages from web list archivers
Hello,
Just adding a simple evidence: dark mode is difficult to print.
If you are dedicating time to web browser and email client development
in OpenBSD.. I suggest to point antennas on dark mode too..
-Dan
Hi,
On Thu, 14 Mar 2024, at 00:25, ofthecentury wrote:
>. And I was under the impression there would be no graphics
> errors week 1 of me using OpenBSD due to the way OpenBSD was
> centered around code auditing and only releasing something very
> stable and tested, especially something so senstive
gt; > Just saw this in my /var/log/messages:
> >
> > '/bsd: drm:pid1338:intel_pipe_update_start *ERROR*
> > [drm] *ERROR* Potential atomic update failure on pipe B'
> >
> > Intel_pipe_update???
> >
>
> No, it isn't a security issue, it
On Wed, Mar 13, 2024 at 05:01:57PM +0500, ofthecentury wrote:
> Just saw this in my /var/log/messages:
>
> '/bsd: drm:pid1338:intel_pipe_update_start *ERROR*
> [drm] *ERROR* Potential atomic update failure on pipe B'
>
> Intel_pipe_update???
>
A fairly simple web search would have provided potet
On Wed, Mar 13, 2024 at 05:01:57PM +0500, ofthecentury wrote:
> Just saw this in my /var/log/messages:
>
> '/bsd: drm:pid1338:intel_pipe_update_start *ERROR*
> [drm] *ERROR* Potential atomic update failure on pipe B'
>
> Intel_pipe_update???
>
No, it isn't a
Just saw this in my /var/log/messages:
'/bsd: drm:pid1338:intel_pipe_update_start *ERROR*
[drm] *ERROR* Potential atomic update failure on pipe B'
Intel_pipe_update???
On Thu, Dec 21, 2023 at 08:20:37AM -0300, Crystal Kolipe wrote:
> > login.conf used to allow unlimited datasize for the 'daemon' class. That was
> > changed to cap at 4G
>
> Actually the value is an architecture dependent setting.
>
> On amd64 it is indeed 4G, but typically 1024 Mb on the small
On Thu, Dec 21, 2023 at 10:54:14AM -, Stuart Henderson wrote:
> On 2023-12-20, Why 42? The lists account. wrote:
> >
> > Just tried the mount of /tmp manually from the command line at got:
> > mount_mfs: mmap: Cannot allocate memory
> >
> > When I halved the size (memory) allocated (-s=2097152
On 2023-12-20, Why 42? The lists account. wrote:
>
> Just tried the mount of /tmp manually from the command line at got:
> mount_mfs: mmap: Cannot allocate memory
>
> When I halved the size (memory) allocated (-s=2097152) it mounts
> successfully:
> mjoelnir:robb 20.12 19:50:02 # df -h /tmp
> File
On Thu, Dec 21, 2023 at 12:16:33AM +0200, Mihai Popescu wrote:
> > Why didn't you just bump the daemon datasize in /etc/login.conf to the
> > required value?
>
> this is there for a reason and if you keep "bumping" it, maybe it should be
> removed.
OK, then:
1. Read the docs and source.
2. Mak
> Why didn't you just bump the daemon datasize in /etc/login.conf to the
> required value?
Because The Creator said once this is there for a reason and if you
keep "bumping" it, maybe it should be removed.
On Wed, Dec 20, 2023 at 07:55:29PM +0100, Why 42? The lists account. wrote:
> When I halved the size (memory) allocated (-s=2097152) it mounts
> successfully
Why didn't you just bump the daemon datasize in /etc/login.conf to the
required value?
that is a better
description.
> (and yes, I have seen events where a major upgrade caused a lot of noise in
> a "something changed" file...which unfortunately hid something we needed to
> know about ALSO happened, and was dismissed as "part of the upgrade noise".
> T
of other binaries after an upgrade is expected. Seeing that "su"
went from 20k to 70k might warrant investigation.
(and yes, I have seen events where a major upgrade caused a lot of noise in
a "something changed" file...which unfortunately hid something we needed to
know about AL
...
Reply-To:
Hi All,
A couple of questions ...
I have "ROOTBACKUP=1" in /etc/daily.local to replicate my root partition
as described in the FAQ (https://www.openbsd.org/faq/faq14.html#altroot)
I noticed after an update to a new snapshot via sysupgrade that the next
daily output email contains
On 9/8/23 00:24, Richard Thornton wrote:
Say you had the guts of an x86_64 desktop running Windows on the bench and
another computer running OpenBSD right next to it, is there some mechanism
available that could allow you to integrity scan the NVMe drive (and also
the firmware but that's probabl
Apologies, this might be a little bit OT but I was thinking of this and I
thought about the wonderful folks at OpenBSD.
Say you had the guts of an x86_64 desktop running Windows on the bench and
another computer running OpenBSD right next to it, is there some mechanism
available that could allow y
>> As a user, I simply suggest creating an RSS channel for security advisories
>> and *even* I offer myself to help.
>>
>> The intention behind was to improve OpenBSD web. Simply.
> The number of people who work on errata, for obvious reasons, needs
> to be a small set of
On 2023/05/23 09:35, Xavier wrote:
> I did not say that. I did not see that you in particular, or anyone in this
> mailing list, make this work.
> As a user, I simply suggest creating an RSS channel for security advisories
> and *even* I offer myself to help.
>
> The inten
I did not say that. I did not see that you in particular, or anyone in
this mailing list, make this work.
As a user, I simply suggest creating an RSS channel for security
advisories and *even* I offer myself to help.
The intention behind was to improve OpenBSD web. Simply.
I want to thank
Thanks a lot, Brian. Very appreciated.
So now the only work is to merge to www
A 22.05.2023 15:50, Brian Conway escrigué:
On Mon, May 22, 2023, at 9:59 AM, Xavier wrote:
I don't know if you say it seriously. If you do, I think it's the
best.
Perhaps you could write some semantic file and conve
On Mon, May 22, 2023, at 9:59 AM, Xavier wrote:
> I don't know if you say it seriously. If you do, I think it's the best.
> Perhaps you could write some semantic file and convert them to desired
> format (html, RSS, etc.).
> I saw the www repo
> (https://github.com/openbsd/www/blob/38884496ed89e
I am not going to do any of this work you want.
Good bye.
Xavier wrote:
> "Theo de Raadt" said:
>
> > I'd be thrilled to do less work on errata!
> > How about we do RSS, and stop making errata?
> > We can do static RSS.
> > Configure and forget.
>
> I don't know if you say it seriously. If
"Theo de Raadt" said:
I'd be thrilled to do less work on errata!
How about we do RSS, and stop making errata?
We can do static RSS.
Configure and forget.
I don't know if you say it seriously. If you do, I think it's the best.
Perhaps you could write some semantic file and convert them to d
Stuart Henderson wrote:
> On 2023-05-22, Xavier B. wrote:
> > Why?
>
> If you make too much extra work for people who are handling errata,
> they won't want to handle errata any more.
I'd be thrilled to do less work on errata!
How about we do RSS, and stop making errata?
We can do static RSS
On 2023-05-22, Xavier B. wrote:
> Why?
If you make too much extra work for people who are handling errata,
they won't want to handle errata any more.
The simplest way to check for new updates for on an OpenBSD system
is to run syspatch -c, or subscribe to the "announce" mailing list.
If you wan
, May 21, 2023 at 06:26:12PM +, Xavier B. wrote:
Thanks, Hiltjo, for your help. I very appreciate that.
Perhaps it could be useful to place it in official site.
What do you think? What kind of software do you use to generate the web page?
Perhaps I could help you to add RSS security
On 2023-05-21, Xavier B. wrote:
> What kind of software do you use to generate the web page?
Depends on the developer who is updating it at the time, but I think
probably for most it will one of vi, vim, emacs or mg.
> > Perhaps it could be useful to place it in official site.
> > > > What do you think? What kind of software do you use to generate the web
> > > > page? Perhaps I could help you to add RSS security advisories.
> > > >
> > >
> > > Hi,
> > >
> > > You're welcome, but to be clear: I only posted the link.
> > >
> > > http://undeadly.org/cgi?action=about
> > >
> >
M +, Xavier B. wrote:
> > > Thanks, Hiltjo, for your help. I very appreciate that.
> > >
> > > Perhaps it could be useful to place it in official site.
> > > What do you think? What kind of software do you use to generate the web
> > > page? Perhap
iate that.
> >
> > Perhaps it could be useful to place it in official site.
> > What do you think? What kind of software do you use to generate the web
> > page? Perhaps I could help you to add RSS security advisories.
> >
>
> Hi,
>
> You're wel
you to add RSS security advisories.
>
Hi,
You're welcome, but to be clear: I only posted the link.
http://undeadly.org/cgi?action=about
> Thanks,
> Xavier
>
> On Sun, 21 May 2023 16:03:54 +0200
> Hiltjo Posthuma ha escrit:
>
> > On Sun, May 21, 2023
Thanks, Hiltjo, for your help. I very appreciate that.
Perhaps it could be useful to place it in official site.
What do you think? What kind of software do you use to generate the web page?
Perhaps I could help you to add RSS security advisories.
Thanks,
Xavier
On Sun, 21 May 2023 16:03:54
arch), FreeBSD and OpenBSD.
I have a news reader and I'm subscribed to many operating systems security
advisories so ocassionally I know there are some security bugs and then I need
to update one of my machine system.
Regarding to OpenBSD I just saw this errata page
[https://www.openbs
there is an RSS or Atom syndication advisories.
>
> I have several machines with several operaring system in them: GNU/Linux
> (alpine and arch), FreeBSD and OpenBSD.
> I have a news reader and I'm subscribed to many operating systems security
> advisories so ocassionally I
a news reader and I'm subscribed to many operating systems security
> advisories so ocassionally I know there are some security bugs and then I
> need to update one of my machine system.
>
>
> Regarding to OpenBSD I just saw this errata page
> [https://www.openbsd.org/er
Hi,
I just want to know if there is an RSS or Atom syndication advisories.
I have several machines with several operaring system in them: GNU/Linux
(alpine and arch), FreeBSD and OpenBSD.
I have a news reader and I'm subscribed to many operating systems security
advisories so ocassiona
But in general, OpenBSD seems to be the least-likely OS to allow
privilege escalation (see www.openbsd.org under the security link, LH
side near top, only 2 remotely exploitable holes in the default install
since ~1996, etc).
Due to recent reports of a bug allowing key detection based on cpu usage
va
Hello all,
I'm new to the mailing list so feel free to yell at me if I messed
something up here.
I currently use OpenBSD on my laptop for a number of reasons, mainly
performance and hardware support. However, I have been considering
setting up a multiuser POWER9 box for some Discord friends and I
On Fri, Jun 17, 2022 at 8:42 PM Gustavo Rios wrote:
> Excuse me, but how does rpcbind know that a incoming request, for
> set/unset, comes from the root user ?
>
Theo has already told you how the *portmap* program decides that: by
looking at the host and port the request is coming from.
(There
Excuse me, but how does rpcbind know that a incoming request, for
set/unset, comes from the root user ?
Thanks.
--
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus
I am certain you can find it yourself.
Gustavo Rios wrote:
> may some here points me where rpcbind is implemented ? I would like to see
> the C code
> of it.
> Thanks.
>
> Em sex., 17 de jun. de 2022 às 00:20, Theo de Raadt
> escreveu:
>
> Gustavo Rios wrote:
>
> > Hi folks!
> >
> >
may some here points me where rpcbind is implemented ? I would like to see
the C code of it.
Thanks.
Em sex., 17 de jun. de 2022 às 00:20, Theo de Raadt
escreveu:
> Gustavo Rios wrote:
>
> > Hi folks!
> >
> > How does openbsd rpcbind prevent ordinary users to unset a given rpc port
> > mapping
Gustavo Rios wrote:
> Hi folks!
>
> How does openbsd rpcbind prevent ordinary users to unset a given rpc port
> mapping registered by, for instance, the root user ?
Poorly.
It will only allow local root (who request upon a reserved port) to touch
ports which are reserved (< 1024), and 2049 is
Hi folks!
How does openbsd rpcbind prevent ordinary users to unset a given rpc port
mapping registered by, for instance, the root user ?
Thanks.
--
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus
errata:
> Date: Sat, 26 Jun 2021 02:03:18 +1000 (+1000)
> From: Reuben ua Bríġ
> after learning that OpenSTMP had used sytem(3) rather than execv(3)
> resulting in a bug reminiscent of the morris-worm
i had guessed it was system(3), but having now seen the advisory:
https://lwn.net/Art
> And i am going to suggest you show a diff, and go through the process
> Ingo just described
as i said, i am new to this, and wanted to discuss something in words
before providing a C diff that would doubtless be rejected given that i
have only just begun to learn C.
i would have been happy to t
Reuben ua Bríġ wrote:
> hi ingo, thanks for your reply.
>
> > I can't talk about the internals of the mount(2) syscall,
> > so i pass on that one to people who know better.
>
> !!! i feel i should emphasize,
> i am *not* presently suggesting any change to the mount(2) *system call*
> i *am* sug
hi ingo, thanks for your reply.
> I can't talk about the internals of the mount(2) syscall,
> so i pass on that one to people who know better.
!!! i feel i should emphasize,
i am *not* presently suggesting any change to the mount(2) *system call*
i *am* suggesting a change to the mount(8) *comman
Hi,
Reuben ua Brig wrote:
> when OpenBSD is happy to change even man.conf
We change things when all of the following hold:
1. There is a significant problem to be solved, or a significant
profit to be gained. Regarding man.conf: the old format was
over-engineered, wordy, hard to use,
to some of your point?
i felt doing so would have strayed beyond usefulness.
> Your comment about man.conf suggests we changed something which you
> hate and you want to wield it against us.
my point is that my impression of OpenBSD and your own policy has been
that it is acceptable to bre
Reuben ua Bríġ wrote:
> > I wonder why noone implimented such checks like that in the last 30
> > years. Might be because it breaks more than it fixes.
>
> i cant tell if you are being sarcastic or what it could possibly break
> or why that would matter when OpenBSD is happy to change even man.c
> I wonder why noone implimented such checks like that in the last 30
> years. Might be because it breaks more than it fixes.
i cant tell if you are being sarcastic or what it could possibly break
or why that would matter when OpenBSD is happy to change even man.conf
Reuben ua Bríġ wrote:
> > Probably because testing for the situation would be an unreliable
> > race. BTW, you explain the ssh behaviour incorrectly. It does not
> > warn. It fails, and refuses to continue. Failure is not permitted
> > for the mount system call in this circumstance, and the e
> Probably because testing for the situation would be an unreliable
> race. BTW, you explain the ssh behaviour incorrectly. It does not
> warn. It fails, and refuses to continue. Failure is not permitted
> for the mount system call in this circumstance, and the entire path
> upwards cannot be v
Reuben ua Bríġ wrote:
> mount(8) will follow a symlink(7), so obviously it is *very* stupid to
> mount under a directory a user other than root has write permission for,
> as they could, for example
>
> rm -rf path
> ln -s /etc path
>
> ? so why doesnt the man page for mount(8) m
) warn when a mount is unsafe,
like ssh(1) does with ~/.ssh
it can be quite tempting to make hotplugd mount thumb drives
under the home directory of whoever is at a workstation...
obviously the safe way to do it is use symlink(7) *for* security,
and make a link to /mnt under the users home
On 2021-06-10, Gustavo Rios wrote:
> Hi folks!
>
> I am planning a web serve using openbsd as the os and using php. My
> question is: how to avoid any given user from implement an php script that
> will read some else file, since everything will run as the web server user
> and group ?
>
> thanks
created by person B.
If you want to separate ownership of files then you have to create
different users and restrict php from reading directories that it shouldn't.
Another advice for 'web server security' is to don't give untrusted
users shell access or any write access
Hi folks!
I am planning a web serve using openbsd as the os and using php. My
question is: how to avoid any given user from implement an php script that
will read some else file, since everything will run as the web server user
and group ?
thanks a lot.
--
The lion and the tiger may be more pow
On Wed, May 05, 2021 at 01:44:24AM +0200, Alessandro Pistocchi wrote:
> Sorry, my keyboard went crazy and the message was sent incomplete.
>
> Continuing: normally the entry of username is immediately followed by the
> password entry.
> However, if the OS is busy for any reason between the two ent
.
Best,
A
-- Forwarded message -
From: Alessandro Pistocchi
Date: Wed, May 5, 2021 at 1:39 AM
Subject: rethinking terminal login with security in mind
To: OpenBSD misc
Hi all,
I am a new user. I have been using openbsd for the last few weeks on a
raspberry pi 4. I have used other unix f
Hi all,
I am a new user. I have been using openbsd for the last few weeks on a
raspberry pi 4. I have used other unix flavours in the past.
I was wondering, what about changing how echoing of characters work when
logging in from the terminal?
Every unix I tried, including openbsd, asks for the u
Paul Pace writes:
> When I load a page from OpenBSD served with relayd and httpd with
> Content-Security-Policy set to default-src self, I can see that a basic
> HTML page that normally renders with all of the text in the center is
> now rendered on the left.
When you enable cont
Paul Pace writes:
> When I load a page from OpenBSD served with relayd and httpd with
> Content-Security-Policy set to default-src self, I can see that a basic
> HTML page that normally renders with all of the text in the center is
> now rendered on the left.
>
> I have this cu
When I load a page from OpenBSD served with relayd and httpd with
Content-Security-Policy set to default-src self, I can see that a basic
HTML page that normally renders with all of the text in the center is
now rendered on the left.
I have this currently configured with http://mostlybsd.com
Gack, what a way to screw up my day off. :-)
I never thought anyone would refer to DISA STIGs in this mailing list.
On Fri, Nov 27, 2020 at 8:12 AM Ed Ahlsen-Girard wrote:
>
SNIP
> I can verify that there is no US Defense Information Systems Agency
> (DISA) Security Technical Imple
; answers by reading OpenBSD documentation with your lists of
> requirements in hand, checking off on your list (if any) as you go
> along.
I can verify that there is no US Defense Information Systems Agency
(DISA) Security Technical Implementation Guide (STIG) for OpenBSD. There
is a gene
On Thu, 26 Nov 2020 11:35:45 -0500
Nick Holland wrote:
> On 2020-11-25 17:10, Brogan Beard wrote:
> [...]
>
> Something to consider: run the AV against your boxes -- elsewhere!
>
> I have a similar situation at $DAYJOB. Not OpenBSD, but an OS that
> similarly has little malware written for
1 - 100 of 1430 matches
Mail list logo