The flags passed to open(2) and openat(2) are not a simple bitset.
Instead, the bits in O_ACCMODE are effectively an enumeration, and the
other bits are or'ed onto that.
For example, a function that wraps open(2), taking a flag argument that it
passes through, that wants to verify that it was
This might be what your thinking of.
https://httpd.apache.org/security/CVE-2011-3192.txt
Description:
A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server prior to version
2.2.20:
http://seclists.org
On Sun, 3 May 2015, Nicolas Bedos wrote:
> I am wondering if the seccomp system call [1] would be welcomed
> in the OpenBSD tree. I remember it was among the subjects of last
> year's Google Summer of Code. If there is still interest in having
> it implemented, I am willing to work on it: I have a
On Sun, May 3, 2015 at 8:18 PM, Nicolas Bedos wrote:
> I am wondering if the seccomp system call [1] would be welcomed in the
> OpenBSD tree. I remember it was among the subjects of last year's Google
> Summer of Code. If there is still interest in having it implemented, I
> am willing to work on
I am wondering if the seccomp system call [1] would be welcomed in the
OpenBSD tree. I remember it was among the subjects of last year's Google
Summer of Code. If there is still interest in having it implemented, I
am willing to work on it: I have a diff that creates the system call and
allows secc
On Sun, May 03, 2015 at 08:14:25PM +0200, Sebastian Benoit wrote:
> one question though: whats the reasoning behind MAX_RANGES 4? nginx seems to
> have a default of "unlimited" (which i think questionable), but what is
Wasn't there a cve about this last year or so? You can try to burn cpu
and io o
On Sat, May 02, 2015 at 12:27:46PM +0800, Nathanael Rensen wrote:
> The smtpd enqueue -S option does not take an argument.
>
committed, thanks
--
Gilles Chehade
https://www.poolp.org @poolpOrg
Florian Obser(flor...@openbsd.org) on 2015.05.03 12:39:02 +:
> On Sun, May 03, 2015 at 01:46:56PM +0200, Sunil Nimmagadda wrote:
> > On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote:
> > > Sorry for the very late reply, I'm currently very busy :/
> >
> > Thank you for taking time
On Sun, May 03, 2015 at 11:14:48AM -0500, Kyle Thompson wrote:
> On Sun, May 03, 2015 at 03:00:40PM +, Florian Obser wrote:
> > On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote:
> > RFC 7232
> >
> >A recipient MUST ignore the If-Modified-Since header field if the
> >received field-v
On Sun, May 03, 2015 at 03:00:40PM +, Florian Obser wrote:
> On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote:
> RFC 7232
>
>A recipient MUST ignore the If-Modified-Since header field if the
>received field-value is not a valid HTTP-date, or if the request
>method is neither GET
I haven't heard back from anyone. Since the release has passed, has
anyone had time to look at this?
I think that I should move the time parsing out of server_file
to server_http so it can be reused later. I'm also not sure about
the placement of the check. Additionally, I'm using timeoff which
On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote:
> I found 'timeoff' to be useful for converting to a time_t that is in
> GMT; however, did not find documentation on this in the man pages. It
> seems to be a function dating back to at least the NetBSD fork. If
> there is a better time function
On Sun, May 03, 2015 at 01:46:56PM +0200, Sunil Nimmagadda wrote:
> On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote:
> > Sorry for the very late reply, I'm currently very busy :/
>
> Thank you for taking time to review it. A new patch with style nits
> fixed and a gratuitous NULL che
On Sat, May 02, 2015 at 02:49:30PM +, Florian Obser wrote:
> Sorry for the very late reply, I'm currently very busy :/
Thank you for taking time to review it. A new patch with style nits
fixed and a gratuitous NULL check removed.
[trimming some text]
> this is missing the server_file_method
Hi @tech,
This patch for fix security.html page
- cleanup not found link to errata20.html
- add link to errata57.html
Index: security.html
===
RCS file: /cvs/www/security.html,v
retrieving revision 1.419
diff -u -p -u -p -r1.419 secu
15 matches
Mail list logo