Re: fun with mailinglists (was Re: Is chromium updated?)

2020-11-13 Thread John Runyon
nudist party. (Greta Thunberg about the world reacting to the > corona > crisis but not reacting appropriately to the climate crisis.) > -- Thanks, John Runyon

Re: Gaps in security coverage?

2018-11-05 Thread John Goerzen
On Tue, Nov 06 2018, Paul Wise wrote: > On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote: > >> Hi folks, > > FTR, in case you were trying to contact the Debian Security Team > directly I suggest using secur...@debian.org or > t...@security.debian.org instead, debi

Gaps in security coverage?

2018-11-05 Thread John Goerzen
curity bugs fixed in jessie as RC for stretch somehow until they were also fixed there? 2) Is there a need for more help with security in general? If so, what kinds of volunteering would be appreciated? Thanks, John

Re: how can I contribute to debian-security?

2015-04-27 Thread Alfie John
hecklist - https://wiki.debian.org/Hardening Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1430

Re: Should we be alarmed at our state of security support?

2015-02-20 Thread John Goerzen
On 02/19/2015 05:31 PM, Paul Wise wrote: > On Fri, Feb 20, 2015 at 12:40 AM, John Goerzen wrote: > >> Right now, the security tracker has, apparently, three status for each >> version of Debian: >> >> not vulnerable >> vulnerable >> fixed >> &g

Re: Should we be alarmed at our state of security support?

2015-02-19 Thread John Goerzen
On 02/19/2015 08:24 AM, Michael Stone wrote: > On Thu, Feb 19, 2015 at 07:29:29AM -0600, John Goerzen wrote: >> However, part of what I was trying to figure out here is: do we have a >> lot of unpatched vulnerabilities in our archive? > > Yes. Every system (not just

Re: Should we be alarmed at our state of security support?

2015-02-19 Thread John Goerzen
On 02/19/2015 12:25 AM, Michael Gilbert wrote: > On Wed, Feb 18, 2015 at 9:11 AM, John Goerzen wrote: >> On this machine, it found 472 vulnerabilities. Quite a few of them fit >> into the remotely exploitable, high urgency category. Many date back to >> last year, some as fa

Re: Should we be alarmed at our state of security support?

2015-02-18 Thread John Goerzen
from_into/ . Why would the tracker say that such a thing wasn't important enough to fix? John

Re: Missing tiff3 patch in security repo

2015-02-18 Thread John Goerzen
On 02/18/2015 08:53 AM, Thijs Kinkhorst wrote: > Hi John, > > On Wed, February 18, 2015 14:51, John Goerzen wrote: >> CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page... >> <http://security-tracker.debian.org/tracker/CVE-2013-1961> >> - lib

Should we be alarmed at our state of security support?

2015-02-18 Thread John Goerzen
e is not a true vulnerability. However, many of them seem to be existing issues that just got forgotten somehow. I've traced a few through bug reports and such. I wonder: Are we already aware of these issues? Do we have plans to fix them? Do we know what would be helpful to fix them?

Missing tiff3 patch in security repo

2015-02-18 Thread John Goerzen
ian.org/cgi-bin/bugreport.cgi?bug=712840 which mentions that the fix for this CVE could be easily ported to the tiff3 package for wheezy. However, it was never uploaded to wheezy. Any ideas how to fix this? John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a

Argonne Nat'l Lab no longer a public mirror

2015-02-05 Thread john
ould share, though since I haven't seen it posted elsewhere. John

Re: Debian Live CD - unsecured ssh open by default

2015-02-01 Thread John Goerzen
Great news, thanks! On 01/31/2015 07:01 PM, Evgeny Kapun wrote: > This should be fixed in the latest version. See > https://bugs.debian.org/741678. > > On 01.02.2015 03:09, John Goerzen wrote: >> Hello, >> >> A friend of mine pointed out to me recently that the Deb

Debian Live CD - unsecured ssh open by default

2015-01-31 Thread John Goerzen
get this fixed? Thanks! -- John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54cd6ed6.8030...@complete.org

RE: Kernal version upload

2014-12-02 Thread Boblitz John
Who is Kernal Version and what does he want to upload? From: Kalai Nbm [mailto:kalai...@gmail.com] Sent: Tuesday, 2 December 2014 10:12 To: debian-security@lists.debian.org Subject: Kernal version upload Plz help kernal version upload

CVE-2014-6277, CVE-2014-6278

2014-09-29 Thread john
sed. I think what I am reading here is that if you applied the latest patches to bash [3] you are not vulnerable to CVE-2014-6277. CVE-2014-6278. Running the test outlined on Icamtuf.blogspot.co.nz [4] seemed to confirm that. Any insights would be appreciated. Thanks! John [1]https://security-

Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

2014-09-27 Thread john
Hello, I was wondering if CVE-2014-7186 and CVE-2014-7187 have been addressed yet for Debian. I note that Ubuntu pushed another patch addressing these earlier today. Thanks! John

RE: [SECURITY] [DSA 3029-1] nginx security update

2014-09-20 Thread John Entner
PLEASE UNSUBSCRIBE. SORRY FOR SHOUTING, BUT NO ONE LISTENS! > From: car...@debian.org > To: debian-security-annou...@lists.debian.org > Date: Sat, 20 Sep 2014 06:14:34 + > Subject: [SECURITY] [DSA 3029-1] nginx security update > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - ---

RE: [SECURITY] [DSA 3025-2] apt regression update

2014-09-18 Thread John Entner
UNSUBSCRIBE! - > From: car...@debian.org > To: debian-security-annou...@lists.debian.org > Date: Thu, 18 Sep 2014 20:30:42 + > Subject: [SECURITY] [DSA 3025-2] apt regression update > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - --

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Sat, May 31, 2014, at 12:39 AM, Michael Stone wrote: > On Sat, May 31, 2014 at 12:32:59AM +1000, Alfie John wrote: > >I'm definitely wanting to engage in serious discussion. I'm an avid > >Debian user and am wanting to protect its users. This *is* the Debian > >

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Sat, May 31, 2014, at 12:11 AM, Michael Stone wrote: > On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote: > >Several times (public and private) I tried to explain how the > >download of APT (the binary itself) on an initial Debian install > >could be compromise

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
ust look over at our security tracker > and find that this package has an exploit... It's only metadata, so who cares right? Only kidding. This is a totally legitimate scenario which I didn't think of. Nice. Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, em

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
tried to explain how the download of APT (the binary itself) on an initial Debian install could be compromised via MITM since it's over plaintext. Then the verification of packages could simply be skipped (hence NOP). I'm not sure why you're bringing libc and libgpg into the conversat

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Fri, May 30, 2014, at 11:29 PM, Michael Stone wrote: > On Fri, May 30, 2014 at 11:25:58PM +1000, Alfie John wrote: > >Well yes, that's something. But serving Debian over HTTPS would prevent > >the need for this. > > No, it wouldn't--you'd just have a d

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
e who > actually trust the CA system. That was my next question. If the fingerprints are on a HTTPS served page, then yes that seems like a valid solution. And thanks Reid Sutherland for telling me I have no clue. Much appreciated. Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCR

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Fri, May 30, 2014, at 11:24 PM, Michael Stone wrote: > On Fri, May 30, 2014 at 11:13:31PM +1000, Alfie John wrote: > >As what I posted earlier, all you would need to do is to MITM the > >install of APT during an install. Who cares what the signatures look > >like s

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
can be flawed and nobody bats an eye, APT uses GnuPG and > everyone (this guy) loses their mind? Strawman much? What does bringing up OpenSSL have to do with Debian mirrors being MITM? Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, email to debian-security-requ...@li

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Fri, May 30, 2014, at 11:03 PM, Estelmann, Christian wrote: > In Oct 2013 a similar discussion started > https://lists.debian.org/debian-security/2013/10/msg00027.html Thanks for the link, but that discussion went nowhere pretty fast. Alfie -- Alfie John alf...@fastmail.fm

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
an install. Who cares what the signatures look like since you've NOPed the checksumming code! Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
ting HTTPS, it would prevent QuantumInsert and FoxAcid being implemented during Debian installs and later package installs/updates. If you're worried about SSL certificates being compromised, going down the path of Debian self-signing its own certificate and distributing it via SneakerNet would be a

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Fri, May 30, 2014, at 10:43 PM, Alfie John wrote: > > The cryptographic signatures that are validated automatically by apt. > > What's stopping the attacker from serving a compromised apt? Thinking about this more, If I wanted to target a Debian system via MITM, serving

Re: Debian mirrors and MITM

2014-05-30 Thread Alfie John
On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote: > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote: > >The public Debian mirrors seem like an obvious target for governments to > >MITM. I know that the MD5s are also published, but unless you're > >verifyi

Debian mirrors and MITM

2014-05-30 Thread Alfie John
rties, what's stopping the MD5s being compromised too? Is there any compelling reason why the public Debian mirrors aren't served over HTTPS? If there isn't any, then further to this, is there any reason why not to mandate all public Debian mirrors HTTPS-only? Alfie -- Alfie John

Re: [SECURITY] [DSA 2935-1] libgadu security update

2014-05-21 Thread Walthall, John
unsubscribe On Wed, May 21, 2014 at 2:33 PM, Moritz Muehlenhoff wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2935-1 secur...@debian.org > http://www.debian.

Re: Wheezy is vulnerable to CVE-2013-2094

2013-05-14 Thread John Andreasson
On Tuesday, May 14, 2013, Gavin wrote: > On 14 May 2013 18:36, John Andreasson > > wrote: > > > > Hi. > > > > Was just alerted of a kernel bug in RHEL [1], but when testing the > sample code on Wheezy as an unprivileged user it successfully gives me

Wheezy is vulnerable to CVE-2013-2094

2013-05-14 Thread John Andreasson
Hi. Was just alerted of a kernel bug in RHEL [1], but when testing the sample code on Wheezy as an unprivileged user it successfully gives me a root prompt. Kind of suboptimal. :-( Any idea when this is fixed? [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792

AUTO: John Asplin is out of office.

2012-05-03 Thread john . asplin
I am out of the office until 21/05/2012. I am currently out of the office. Note: This is an automated response to your message "[SECURITY] [DSA 2464-1] icedove security update" sent on 03/05/2012 16:45:46. This is the only notification you will receive while this person is away. -- To UNSU

libapache2-mod-fcgid in lenny vulnerable to hole for weeks

2010-12-21 Thread John Goerzen
but AFAICT there are, as yet, no new packages. This is not an attack on any person/team, just a question about whether we have an organizational problem we need to correct. Thanks, -- John Goerzen -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsub

Re: Lenny version info

2010-12-15 Thread John Keimel
On Wed, Dec 15, 2010 at 11:17 AM, Ashley Taylor wrote: > stfu and stop replying to this chain. This is debian-security, not > debian-childish-trolling. It's called a thread not a chain. Chain e-mails are also frowned upon. Thanks. j -- To UNSUBSCRIBE, email to debian-security-requ...@lists.de

Re: Lenny version info

2010-12-15 Thread John Keimel
On Wed, Dec 15, 2010 at 7:10 AM, Ashley Taylor wrote: > Sorry, this is the way Gmail handles replies. > No, it's the way YOU handle replies. Gmail happens to place the cursor at the top of the email, setting you up for a jeopardy reply. It's trivial to scroll down a little and type within the mes

Re: Lenny version info

2010-12-15 Thread John Keimel
On Wed, Dec 15, 2010 at 6:49 AM, Ashley Taylor wrote: > Hi, > > Does anyone have any decent filter rules for Gmail so I can stop receiving > this nonsense without unsubscribing? > Thanks. http://tinyurl.com/2b3g2l4 Also, since you need it: http://tinyurl.com/ybpctcz Please particularly note it

repositories for AMD 64 apps

2010-06-27 Thread John W Foster
. Thanks John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1277655563.6723.7.ca...@beast.johnwfoster.info

what security lists would you consider "a must" to be on?

2009-12-10 Thread john
Hello all, I realize this is a broad question. I'd like to know what security related lists folks on *this* list subscribe to. I see that full-disclos...@lists.grok.org.uk and bugt...@securityfocus.com are cc'd on the Ubuntu Security Announcements list. What lists do you swear by? Tha

Re: [SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-11-05 Thread john
of Debian. It would be helpful if it also mentioned that the mitigation steps for etch (e.g. none so far as I know) and etchnhalf. Thanks for considering this. John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

2009-11-04 Thread john
.mmap_min_addr I am a noob and haven't had experience with sysctl tuning so my head is sort of spinning here. Thanks! John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

2009-11-04 Thread john
On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves wrote: > On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote: >> I see that there is another null pointer dereference flaw being talked about. >> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ >> >>

Debian 4.0 and mmap_min_addr null pointer dereference flaw

2009-11-04 Thread john
/mmap_min_addr I am running some servers running Debian 4.0. It doesn't look like there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these values stored under Debian 4.0? What is the right way to proceed? Should I be looking at upgrading my servers? Thanks! John -- To UNSUBSCRIBE,

"libsasl2": is there an announce list for "Main"

2009-06-08 Thread john
formation about the nature of the update. Perhaps if I knew how to ask apt it would tell me? Anyway I hate to apply patches that I don't have an idea about. So hopefully someone can enlighten me. Thanks! John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subje

Recommend good IDS? was Re: /dev/shm/r?

2009-06-03 Thread john
intenance, quality of the tool, and ability to have it deliver really useful information to the admin. I've used SNORT a bit in the past and my feeling was that it was so chatty that it was actually hard to tell if something bad was happening or not. John -- To UNSUBSCRIBE, email

Re: What is best practice for managing sources.list for security and stability?

2009-05-26 Thread john
Thanks Thijs, Russ and Dan. I appreciate the insight. John >> >> Is the approach I outlined the "best" way to maintain the security and >> stability of these box's or should I really be using the main >> repositories as well? > > We maintain local m

What is best practice for managing sources.list for security and stability?

2009-05-25 Thread john
uld I really be using the main repositories as well? Thanks! John -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Securing my PC at a Wireless Hotspot?

2009-02-08 Thread John Keimel
On Sun, Feb 8, 2009 at 3:56 AM, Chip Panarchy wrote: > So, how do I secure my PC at a Wireless Hotspot? > This is on the borderline of debian-user and debian-security. People will argue both ways on that. Use a VPN or an SSH tunnel to a trusted source. I use one of my servers, either a VPS I r

Re: Linux infected ?

2009-01-29 Thread John Goerzen
your Wine files of > the pseudo-Windows installation. Even so, I'm not sure it will be much Uhmm you are aware that you can mount $HOME in Wine, right? ISTR it even does this by default. -- John > effective. Even if it wrote to the registry an entry to start-up > automatically

Re: What to do about SSH brute force attempts?

2008-08-21 Thread John Keimel
On Thu, Aug 21, 2008 at 10:33 AM, Michael Tautschnig <[EMAIL PROTECTED]> wrote: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over

Re: Tinydns - cache poisoning?

2008-07-30 Thread John Allen
Stephen Vaughan wrote: Hi, Does anyone know if TinyDNS is vulnerable to the dns cache poisoning exploit? I run tinydns servers, I ran the test below and it came back as POOR. mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT

Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning

2008-07-10 Thread John Elliot
Hi, We have a couple of Sarge servers running bind9(9.2.4-1sarge3) that appear to be vulnerable to the DNS cache poisoning issue(Looks like port randomization was only introduced in bind9.3?) - As the servers cannot be upgraded at this time to etch, what is the recommended course of action? Back

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread John Keimel
On Tue, May 13, 2008 at 7:10 PM, Steve Suehring <[EMAIL PROTECTED]> wrote: > Note that doing either of these will result in host key failures and > warnings for any clients attempting to connect to you. This is > especially bad if you have things like rsync over ssh in a cron job. > Moral of

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread John Keimel
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat <[EMAIL PROTECTED]> wrote: > OoO On this well-advanced evening of Tuesday, 13 May 2008, around 22:21, "John > Keimel" <[EMAIL PROTECTED]> said: > > > >> Since some keys are generated automatically, (e.g.

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread John Keimel
On Tue, May 13, 2008 at 3:52 PM, Jan Luehr <[EMAIL PROTECTED]> wrote: > > For the last question, I see several solutions: > > - the user has to read the DSA and handle it himself > > Since some keys are generated automatically, (e.g. ssh host keys) users will > have to regenerate keys,they ha

Re: CISP Compliance

2007-08-20 Thread John Keimel
On 8/20/07, Jonathan Wilson <[EMAIL PROTECTED]> wrote: > Sorry if this is the wrong place for this, but: > > Does anyone know of a place I can get information on setting up CISP (VISA > credit card) compliant Debian systems - or Linux in general, if there's no > Debian-specific info. I've been sear

Re: secure installation

2007-08-16 Thread John Keimel
On 8/15/07, Pat <[EMAIL PROTECTED]> wrote: > 1) What if someone (and I am sure it happens more often than you may > realize) who is clueless about computers decides to download Debian, > installs it, get hacked, trojaned horsed, their credit cards numbers > stolen, etc. > It is called responsibili

Re: Package management and security

2007-06-08 Thread John Wright
The security team looks at the diffs for the patch to version 2 of the software, identifies the parts that fix the bug in version 1 and manually back port the bug fix to version 1. We end up with a Debian specific version that doesn't introduce new dependencies or features. This works with great su

Re: [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities

2007-03-21 Thread John L Patterson
I am not able to get updates. The apt-get update command times out after a few minutes. What is the proper syntax for "purge"? John Patterson - Original Message - From: [EMAIL PROTECTED] (Martin Schulze) Date: Tuesday, 20 March 2007, 19:40 Subject: [SECURITY] [DSA 1

Register

2006-11-05 Thread John Bugg
Please register my name for update/upgrade notifications. Thanks in advance. John Bugg Get your email and see which of your friends are online - Right on the new Yahoo.com

Debian bad i386 Release file signature on Nov 9?

2005-11-16 Thread John Milton
bian_dists_unstable_Rele ase.gpg \ /var/lib/apt/lists/http.us.debian.org_debian_dists_unstable_Release gpgv: Signature made Wed Nov 9 15:36:39 2005 CST using DSA key ID 4F368D5D gpgv: BAD signature from "Debian Archive Automatic Signing Key (2005) <[EMAIL PROTECTED]>" John -- J

Re: What's going on with advisory for phpmyadmin?

2005-10-28 Thread John Goerzen
On Fri, Oct 28, 2005 at 04:26:43PM +0100, Steve Kemp wrote: > > This seems to be a very frequent problem going on for awhile now. > > > > Could someone from the security team comment on what the problem is? > > The problem is that we receive a lot of reports, each of which may > involve a sign

Re: What's going on with advisory for phpmyadmin?

2005-10-28 Thread John Goerzen
On Fri, Oct 28, 2005 at 04:42:31PM +0200, Piotr Roszatycki wrote: > Why my report was ignored? I've reported the problem 3 days ago and I had no > reply. This seems to be a very frequent problem going on for awhile now. Could someone from the security team comment on what the problem is? -- T

Re: On Mozilla-* updates

2005-08-02 Thread John Hardcastle
a/run-mozilla.sh' to get it to go. John David Ehle wrote: The solution to this problem is simple. We change the meaning of stable to "stable except for such cases as security demands upgrading versions rather than backporting patches." And then leave the old insecure version o

Re: named: 'error sending response: unexpected error'

2005-07-13 Thread John Keimel
On Wed, Jul 13, 2005 at 08:25:37AM +0200, Adrian von Bidder wrote: > | Jul 12 18:41:07 zbasel named[5317]: client 24.93.40.63#38829: error > sending response: unexpected error > > I've never received any complaints about DNS problems nor did I see any > stability problems. IP addresses seem com

Re: Please allow drupal 4.5.3-1

2005-06-03 Thread John Goerzen
On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote: > Steve Langasek <[EMAIL PROTECTED]> writes: > > So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge > because 4.5.3 fixes more than cited security issue? Why are you not using the simple patch available at http://dr

Re: Richtig swappen

2005-01-28 Thread John Goerzen
On Fri, Jan 28, 2005 at 10:46:24AM +0100, martin f krafft wrote: > also sprach Demonen <[EMAIL PROTECTED]> [2005.01.28.1036 +0100]: > > Stop the german. > > Ha! Naturlich! Nodingkt kan stop ze German! I feel a call to "dict blinkenlights" coming on... -- To UNSUBSCRIBE, email to [EMAIL PROTECT

Re: Debian Hardened project (question about use of the "Debian" trademark)

2004-09-17 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: [...] Good, at least you understand that :) |> |>Yes and then the program halts and gets SIGABRT. Do you not know what a |>DoS attack is? |> |>[...] | | | Duty of Shame ? | OK, leaving the Fun Mode off... | (here

Re: Debian Hardened project (question about use of the "Debian" trademark)

2004-09-17 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: | Hi John, | | On Fri, 17-09-2004 at 19:04, John Richard Moser wrote: | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |> |> |>Lorenzo Hernandez Garcia-Hi

Re: Debian Hardened project (question about use of the "Debian" trademark)

2004-09-17 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: | Hi, | [...] | Debian Hardened is like Debian Junior, and the rest of subprojects. | *We* must provide the best (and the easiest) way to harden Debian for | advanced users, sysadmins or just people that want a re

Big security hole in (my config of) PAM

2004-08-16 Thread John Darrington
Whenever I add the line auth required pam_securetty.so to my /etc/pam.d/common-auth Then ANY user can log in with ANY password (or with no password at all). Here's the file: #auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_un

[no subject]

2004-08-12 Thread John Long
Regards, John Long | Residential Technical Support | Esat BT | Tele: 1890 933 111 E: [EMAIL PROTECTED] | www.esatbt.com Our commitment to customer satisfaction continues to be recognised by both our customers and industry, with BT Global Services being short listed in the 'Best Customer

PaX demo results, logs, reproduction data

2004-07-31 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have completed an in-house test of a PaX demonstration. The demo includes the PaX patch; a patch I made to supplement PaX with boot-time selection of NX mode; a script `pax-flags` to mark binaries with chpax/paxctl and execstack (to turn the executab

Re: PaX on Debian (Demo setup)

2004-07-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've got a chunk of data that can be used for a demo setup over here. I would like the help of any debian developers that would like to package up a set of kernels and the scripts that come with this and place them in a mini-repository, to give the dev

Re: PaX on Debian (Kernel Settings)

2004-07-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This post is also being forwarded to debian-kernel, as it contains the appropriate kernel settings. This is a continuation of the message from the debian-security and debian-devel lists, archived at http://lists.debian.org/debian-security/2004/07/msg00

Re: PaX on Debian

2004-07-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 GOTO Masanori wrote: | At Mon, 26 Jul 2004 15:38:37 -0400, | John Richard Moser wrote: | [...] | | | Is this VSYSCALL issue? I guess we can backport it without large | obstacle, but I have no spare time within a few days to work this bug | because

Re: PaX on Debian (Recap 1)

2004-07-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'll do a recapitulation of what has been covered thus far in this message. It's a long one, but it'll get us all on the same channel. John Richard Moser wrote: | I'm interested in discussing the viability of PaX on Debian. I

Re: PaX on Debian

2004-07-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres Salomon wrote: | On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote: | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |> |> |>Andres Salomon wrote: |>| On Sun, 25 Jul 2004 12:57:29 -0400, Joh

Re: PaX on Debian

2004-07-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres Salomon wrote: | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: | | | I'm interested in discussing the viability of PaX on Debian. I'd like | to discuss the changes to the base system that would be made, the costs | i

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Found a problem. Russell Coker wrote: | On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]> wrote: [...] | | We have recently discussed this on at least one of the lists you posted to. | The end result of the discussion is that

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Russell Coker wrote: | On Mon, 26 Jul 2004 13:48, John Richard Moser <[EMAIL PROTECTED]> wrote: | |>| Before we can even start thinking about PaX on Debian we need to find a |>| maintainer for the kernel patch who will package new ver

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Russell Coker wrote: | On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]> wrote: | |>I'm interested in discussing the viability of PaX on Debian. I'd like |>to discuss the changes to the base system that would b

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 . . . .thunderbird is being weird. It's giving me > where >> should be, and >> where > should be. EH. Andres Salomon wrote: | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: | | | I'm interested in discus

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: [...] |>Firefox sets off SSP itself on load. | | | When you say 'sets of' do you mean disable? I find that unlikely, | as it's not the kind of thing that can be disabled when all the | canary checking code is incorporated into th

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: | On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote: | | |>| I have been flirting with SSP for months now, but the most recent |>| patches included with GCC do not apply cleanly. Watch for a bug |>| ag

Re: PaX security and kernel-patch-grsecurity2 and trustees

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hanasaki wrote: | what is the relationship between PaX, grsecurity and trustees? | PaX is a separate project from grsecurity. The grsecurity developer finds interest in PaX, and so supplies it with grsecurity. Dunno about trustees. | Will the kernel-p

Re: PaX on Debian

2004-07-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: | On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote: | | |>A PaX protected base would also benefit from Stack Smash Protection, |>which can be done via the gcc patch ProPolice. | | | I have been flirting wi

PaX on Debian

2004-07-25 Thread John Richard Moser
would be ideal to look over. Please reply and cite specific concepts you would like to discuss further. I would rather not write up a 10 page paper by explaining all of these at once; but if demanded, I'll do just that. Be ready to swallow a large pill though. - --John - -- All content of al

subscribe

2004-04-07 Thread John Mikkola
__ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/

subscribe

2004-04-07 Thread John Mikkola
__ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Linux clients in network - experiences?

2004-03-20 Thread John Hardcastle
re many ways you can implement this. John

Re: Linux clients in network - experiences?

2004-03-20 Thread John Hardcastle
re many ways you can implement this. John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread John Goerzen
associate with, and trying to lecture some ill-defined "community" with no real boss is an exercise in futility. -- John

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread John Goerzen
On Wed, Feb 25, 2004 at 06:02:22PM +0200, Martin Hardie wrote: > so the use of debian products for racist work is ok for debian Yes, it is. Our Debian Free Software Guidelines enforce a mandate of no discrimination. Software included in Debian does not discriminate on people based on their

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread John Goerzen
associate with, and trying to lecture some ill-defined "community" with no real boss is an exercise in futility. -- John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread John Goerzen
On Wed, Feb 25, 2004 at 06:02:22PM +0200, Martin Hardie wrote: > so the use of debian products for racist work is ok for debian Yes, it is. Our Debian Free Software Guidelines enforce a mandate of no discrimination. Software included in Debian does not discriminate on people based on their
