Re: untrusted translators

2005-03-21 Thread Neal H. Walfield
At 20 Mar 2005 20:15:03 -0800, Thomas Bushnell BSG wrote: > > Marcus Brinkmann <[EMAIL PROTECTED]> writes: > > > Following untrusted translators in the filesystem is a real security > > hazard. > > Can you say more about a specific losing scenario? I did my level > best to make sure that follow

Re: untrusted translators

2005-03-21 Thread Marcus Brinkmann
At 20 Mar 2005 20:15:03 -0800, Thomas Bushnell BSG wrote: > > Marcus Brinkmann <[EMAIL PROTECTED]> writes: > > > Following untrusted translators in the filesystem is a real security > > hazard. > > Can you say more about a specific losing scenario? I did my level > best to make sure that follow

Re: heads up

2005-03-21 Thread Alfred M. Szmidt
Thomas, we can aruge all we want, for days and years. But the fact is that the only way to prove that you design actually works is to implement it. I can't disprove that it won't work, since that is theoretically impossible. ___ Bug-hurd mailing list

Re: heads up

2005-03-21 Thread Thomas Bushnell BSG
"Alfred M. Szmidt" <[EMAIL PROTECTED]> writes: > Thomas, we can aruge all we want, for days and years. But the fact is > that the only way to prove that you design actually works is to > implement it. I can't disprove that it won't work, since that is > theoretically impossible. I'm not trying

Re: untrusted translators

2005-03-21 Thread Thomas Bushnell BSG
Marcus Brinkmann <[EMAIL PROTECTED]> writes: > Now, we have our own temp reaper. And a tmp reaper would be trivial > if you would hack rm to have a "--do-not-follow-translator" option. > But I believe that is not good enough. The reason is that So my response in the past has been "filesystem tr

Re: untrusted translators

2005-03-21 Thread Marcus Brinkmann
At 21 Mar 2005 06:39:31 -0800, Thomas Bushnell BSG wrote: > > I have posted a suggestion to fix this a long time ago, but can't find > > the mail right now (maybe I never sent it?). The solution would be to > > always open nodes with O_NOTRANS, and if the translator bit is set, > > there is a user

Re: untrusted translators

2005-03-21 Thread Thomas Bushnell BSG
Marcus Brinkmann <[EMAIL PROTECTED]> writes: > I don't fancy the fact that my suggested default includes a "system > range" of user IDs. One idea is to have the default (without any > environment variable set) to be "@all"[1], and then just make sure that > distributions ship with an appropriate

Your eBay account could be Suspended

2005-03-21 Thread eBay Security Validation
>>   Dear eBay member,     We at eBay are sorry to inform you that we are having problems with the billing information of your account. We would appreciate it if you would visit our eBay Billing Ce