On Wed, Apr 04, 2012 at 09:43:35PM +0200, Bj?rn Ketelaars wrote:
> 2012/4/4 Todd C. Miller :
> > Why do we care if the user exists? Ideally, you want the code to
> > behave more or less the same whether the user is real or not.
> > Otherwise, a remote attacker can guess valid usernames by timing
USAirways online check in%Save time with Web Check-in
You have to check infrom 24 hours and up to 60 minutes beforeyour flight (2
hours if you're flyinginternationally).Then, all you need todo is print your
boarding pass andproceed to the gate. Confirmationcode:960785Check-in online:
Online re
2012/4/4 Todd C. Miller :
> Why do we care if the user exists? Ideally, you want the code to
> behave more or less the same whether the user is real or not.
> Otherwise, a remote attacker can guess valid usernames by timing a
> login attempt.
>
> For safety's sake, it makes sense to reject a usern
Hi,
On Wed, 4 Apr 2012 13:19:06 +0200
Claudio Jeker wrote:
> On Wed, Apr 04, 2012 at 02:34:46PM +0900, Yasuoka Masahiko wrote:
>> On Tue, 31 Jan 2012 13:59:17 +0100
>> "Sebastian Reitenbach" wrote:
>> > However, I noted with tcpdump, listening on tun0:
>> >
>> > # tcpdump -n -i tun0
>> > tcpdum
Why do we care if the user exists? Ideally, you want the code to
behave more or less the same whether the user is real or not.
Otherwise, a remote attacker can guess valid usernames by timing a
login attempt.
For safety's sake, it makes sense to reject a username with a '/'
in it since the yubike
On Wed, Apr 04, 2012 at 03:51:38PM +0200, Mike Belopuhov wrote:
> On Wed, Apr 04, 2012 at 14:42 +0400, Alexander Polakov wrote:
> > This is a diff from NetBSD pr.34583:
> > http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34583
> >
> > Quoting the author:
> >
> > "I noticed that when
> Why doesn't login_yubikey just use getpwnam() to check if the
> user exists like the other login_* mechs?
Why make it simple if there are exciting pattern matching options like
regexp or multiple if-statements ;-)
Index: login_yubikey.c
==
On 2012/04/04 15:34, Bjvrn Ketelaars wrote:
> 2012/4/3 Theo de Raadt :
> > Hmm, I'd like to see that refactored somehow.
> >
> > Also, '-' should not be legal at the start of a login name. There
> > are things that care. I think at the end it is OK, though.
> >
> > Crazy eh. Isn't there somethin
pretty confident a regex wont fly :)
On 04/04/2012, at 11:34 PM, Bjvrn Ketelaars wrote:
> 2012/4/3 Theo de Raadt :
>> Hmm, I'd like to see that refactored somehow.
>>
>> Also, '-' should not be legal at the start of a login name. There
>> are things that care. I think at the end it is OK, thoug
On Wed, Apr 04, 2012 at 14:42 +0400, Alexander Polakov wrote:
> This is a diff from NetBSD pr.34583:
> http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34583
>
> Quoting the author:
>
> "I noticed that when writing large file (hundreds of megabytes)
> to an msdos disk, the wr
* Alexander Hall [120404 16:16]:
> Alexander Polakov wrote:
> >tests:
> >
> >w/o the patch:
> > time cp huge.file /mnt/storage/
> > 4m5.87s real 0m0.04s user 0m17.56s system
> >
> >w/the patch:
> > time cp huge.file /mnt/storage/
> > 2m22.48s real 0m0.02s user 0m45.30s system
2012/4/3 Theo de Raadt :
> Hmm, I'd like to see that refactored somehow.
>
> Also, '-' should not be legal at the start of a login name. There
> are things that care. I think at the end it is OK, though.
>
> Crazy eh. Isn't there something else in libc that checks this?
New diff:
Index: login_
Alexander Polakov wrote:
>This is a diff from NetBSD pr.34583:
>http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34583
>
>Quoting the author:
>
> "I noticed that when writing large file (hundreds of megabytes)
> to an msdos disk, the writing speed to a file decreases with the
On Wed, Apr 04, 2012 at 02:34:46PM +0900, Yasuoka Masahiko wrote:
> On Tue, 31 Jan 2012 13:59:17 +0100
> "Sebastian Reitenbach" wrote:
> > However, I noted with tcpdump, listening on tun0:
> >
> > # tcpdump -n -i tun0
> > tcpdump: listening on tun0, link-type LOOP
> > 13:51:15.354776
> > tcpdump
This is a diff from NetBSD pr.34583:
http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34583
Quoting the author:
"I noticed that when writing large file (hundreds of megabytes)
to an msdos disk, the writing speed to a file decreases with the
file length.
Si
On 04/04/2012 07:34 AM, YASUOKA Masahiko wrote:
On Tue, 31 Jan 2012 13:59:17 +0100
"Sebastian Reitenbach" wrote:
However, I noted with tcpdump, listening on tun0:
# tcpdump -n -i tun0
tcpdump: listening on tun0, link-type LOOP
13:51:15.354776
tcpdump: WARNING: compensating for unaligned libpca
16 matches
Mail list logo
