Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Steve Langasek
of the approach taken for apparmor is that all software *does* continue to work out of the box. If you found it otherwise, I think you should be filing a bug report against apparmor. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer

Re: Why is su preserving the environment?

2009-01-24 Thread Steve Langasek
should not be considered vulnerable > the same way? Because su does not attempt to control what commands are being run; if you can su to another user, you can run arbitrary commands as that user, which means there's no sense in trying to filter the environment. -- Steve Langasek

Re: Bug#311772: Fwd: Password leaks are security holes

2008-08-28 Thread Steve Langasek
uldn't need to check the auth log for user errors but > could just trace the login process, crack shadow, write a > custom pam module or something similar to get your login > credentials. No, that's not true. The only added permission the 'adm' group has on Debi

Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery

2007-03-14 Thread Steve Langasek
fact that the security team made this statement means they were aware 1.4.6-2 was a candidate for inclusion in etch. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED]

Re: debian security archive/updates b0rken???

2005-06-18 Thread Steve Langasek
SAs since then, though they may have done uploads that haven't yet been published (I wouldn't know, not having access to look on klecker). -- Steve Langasek postmodern programmer

Re: Please allow drupal 4.5.3-1

2005-06-02 Thread Steve Langasek
On Fri, Jun 03, 2005 at 08:19:22AM +0200, Martin Schulze wrote: > Steve Langasek wrote: > > On Wed, Jun 01, 2005 at 07:16:00PM -0700, Ian Eure wrote: > > > On Wednesday 01 June 2005 04:54 pm, Hilko Bengen wrote: > > > > Just a few hours ago, the Drupal project

Re: Please allow drupal 4.5.3-1

2005-06-02 Thread Steve Langasek
ase team... He did contact the release team; unfortunately, the diff between 4.5.2 and 4.5.3 is rather large and I don't believe it's all security-related, so I think this will have to be left for the security team after all. Thanks, -- Steve Langasek postmodern programmer

Re: Security issue with 'elog' package

2005-05-03 Thread Steve Langasek
g addressed by the version currently in unstable. Thanks, -- Steve Langasek postmodern programmer

Re: zip sarge's package vulnerable to CAN-2004-1010

2004-11-26 Thread Steve Langasek
On Fri, Nov 26, 2004 at 05:21:03PM -0200, Otavio Salvador wrote: > Current CAN-2004-1010 was fixed on zip 2.30-8 but current sarge > version still vulnerable. This package need to be included on sarge to > solve it. It already has been. -- Steve Langasek postmodern programmer sign

Re: wget for sarge update

2004-10-03 Thread Steve Langasek
'm likely to let the source age in unstable for a bit before pushing it in, since I don't have the time to fully review the changes directly. -- Steve Langasek postmodern programmer

Re: Proposal for new Security subsection for non-US

2002-06-23 Thread Steve Langasek
stribute them effectively. Though rsync might make things nicer for end-users on low-speed connections, I think it'll be a long time before this archive will come anywhere near the bandwidth requirements for even a single site that publicly mirrors unstable or testing. Steve Langasek postmodern programmer

Re: Proposal for new Security subsection for non-US

2002-06-22 Thread Steve Langasek
On Sat, Jun 22, 2002 at 06:24:39PM +1200, Nick Phillips wrote: > On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote: > > I think it shouldn't be /too/ hard to find other developers interested > > in working on this... > For example, I intend in the near-ish fu

Re: Proposal for new Security subsection for non-US

2002-06-22 Thread Steve Langasek
regard to this sort of software. I think it shouldn't be /too/ hard to find other developers interested in working on this... Steve Langasek postmodern programmer

Re: FIX: Chunk fix for Apache 1.3.24 i386 .deb + source .dsc and .diff.gz available.

2002-06-20 Thread Steve Langasek
Hello Matthew, I'm a little confused as to why you're cc:ing me on these messages? Steve Langasek postmodern programmer On Thu, Jun 20, 2002 at 08:20:56PM +1200, Matthew Grant wrote: > Source and an i386 .deb are now up on: > http://people.debian.org/~grantma >

Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow

2002-03-11 Thread Steve Langasek
On Tue, Mar 12, 2002 at 05:18:34PM +1300, John Morton wrote: > On Tuesday 12 March 2002 15:52, Steve Langasek wrote: > > > Doesn't dpkg also compile with a static zlib? Why does it not make > > > this list? > > What Internet-accessible port are you running dpkg on? :)

Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow

2002-03-11 Thread Steve Langasek
Doesn't dpkg also compile with a static zlib? Why does it not make > this list? What Internet-accessible port are you running dpkg on? :) dpkg doesn't normally run on a network port, so exploiting it doesn't get you local access unless you already have it; and it's not suid, so