Re: Security vulnerability in automake (understood, agreed)

2002-06-10 Thread Allan Clark
Lawrence; I see that the key here is that the attacker is a user with local access to a system (be it by login, security hole in another binary giving shell access as that binary's user, etc). The admin merely runs the innocent package, and due to the attacker's symlinks, causes damage to his ow

Re: Security vulnerability in automake

2002-06-10 Thread Allan Clark
Efforts to reduce this kind of a security "hole" are quite fruitless, so long as I or anyone can build a ./configure that will simply "rm -fr /*"; nevertheless, I do support David's comment: > 2. A non-root mindset should be encouraged. Indeed, I'd support a case > for a default of "if root th

Re: Security vulnerability in automake

2002-06-07 Thread Allan Clark
This is really not an issue; standard users cannot overwrite /etc/passwd. You don't compile/install unknown software as root, do you? If so, then my configure file says this: date > /etc/passwd Sure, this could be replaced with a hashed random name, but the same vulnerability remains. Don't b

Re: Configure tool/cvs repository trouble

2002-05-29 Thread Allan Clark
Patrick Guio wrote: > If I just "touch configure" then everything is running ok again. I am not > sure which of the packages is generating this trouble but is there any > policy/strategy of using configuration tool together with a cvs > repository? A common timestamp issue is introduced when devel

Re: InterScan NT Alert (bogus)

2002-04-21 Thread Allan Clark
RR doesn't resolve back as C&P. Obviously, someone's making this stuff up, but I don't get why. Just so you know... this is spam to say that the original spam didn't come from me. Why are we still allowing posts from addresses that aren't on this list? Allan

Re: coexist multiple versions of automake

2002-03-06 Thread Allan Clark
Paul Lew wrote: > I would like to propose we modify automake (and autoconf) to allow > multiple versions of automake coexisting on a given system. In our > work, we used various open source libraries and each one of them works > with a particular version of automake. This makes it hard for us to

Re: Automake release

2001-05-20 Thread Allan Clark
> As I recall, a long time ago the Gnits group decided that we simply > wouldn't support more than 2 release numbers. If the current release > is 1.4, then the next one is 1.5. Unfortunately for us, I didn't want > to do this with automake since I've been saying for a long time "1.5 > will do th

Re: Spam (was: 사무용가구 종합쇼핑몰입니다.)

2001-03-07 Thread Allan Clark
One alternative is to go to whatever egroup.com is now. Egroup grew from bigfoot or something, it's a list-server that requires that all posters are members of the list. Invites may be required. Or... GNU could extend their mailinglists to require authentication on their website and membership

Re: ##-xxx-xxx.patch

2001-02-22 Thread Allan Clark
Akim, everyone; Is there a way I can simply get the discussion, without the binary/patch traffic? I would prefer to receive this kind of thing through an update from a source-control (ie CVS) than copies from email. Should I sign up on a different list? Should [EMAIL PROTECTED] be formed? All

Re: rpcgen support for automake

2000-06-01 Thread Allan Clark
Alexandre Oliva wrote: > On May 29, 2000, Marek Kowal <[EMAIL PROTECTED]> wrote: > > > I have an .x file and want to create, using rpcgen, stub files in > > automake. Later on I want to compile and link part of them into server, > > and the other part into client. Did anybody exercise this alre

Re: RPM targets

2000-03-08 Thread Allan Clark
Perhaps the tack to sail on this component is not "make rpm" but "make package", where a number of files is converted to a ~.spec, prototype/pkginfo, ~.cmpnt/~.pkg/~.prod, or whatever: 1) list of files (source -> target) 2) inittab mods 3) rc.d mods 4) copyright (with shorthand for current GPL, M