Re: questions on ident, postfix & proftp

2000-12-17 Thread Bastian Blank
On Sun, Dec 17, 2000 at 10:36:03AM -0600, Kevin van Haaren wrote: > Is there another way to securely provide > authenticated smtp? you can use TLS instead, but you must read the documentation to get it to work bastian -- No more blah, blah, blah!

Re: Out of tree kernel images / Lustre image

2006-08-02 Thread Bastian Blank
On Tue, Aug 01, 2006 at 05:59:43PM +0200, Goswin von Brederlow wrote: > Now to my question. Lustre needs a specially patched kernel Why? Ah I see, they don't know how to abstract that and get information on how to do that properly from upstream. >

Re: large campus network ... sugestions

2007-12-14 Thread Bastian Blank
On Fri, Dec 14, 2007 at 01:04:32PM +0200, Tirla Adrian wrote: > so the ISP suggested (actually demanded) > to allow only access to some services like http, https, smtp, pop3 and > to limit all others. And this is called internet? > Due to some net

Re: [Fwd: [Xen-users] patch for kernel exploit?]

2008-02-11 Thread Bastian Blank
On Mon, Feb 11, 2008 at 09:48:24AM +, Michael D. Norwick wrote: > Found this on the xen-users list this morning. Has this been addressed > in Debian yet? Yes, it is fixed in DSA 1494. Bastian -- Each kiss is as the first. -- Miramanee, Kirk's wife, "The Paradise Syndrome",

Re: SASL AUTH only check 8 first characters of the password

2008-05-16 Thread Bastian Blank
On Fri, May 16, 2008 at 02:55:22PM +0200, Josep M. wrote: > After doing more checks, SASL only checks the first 8 characters of the > password; how can I make it check all characters? You use traditional crypted passwords? Check /etc/shadow. Bastian -- Star Trek Lives!

Re: OSVDB-166706

2017-11-13 Thread Bastian Blank
On Mon, Nov 13, 2017 at 12:57:48PM +, Adam Weremczuk wrote: > Our quarterly PCI compliance scan has just challenged us on the following: > https://vulners.com/nessus/OPENSSH_76.NASL > Also referred to as OSVDB-166706. The only security fix in OpenSSH 7.6 is: | * sftp-server(8): in read-only m

Re: Is packages build without verifying the source package signatures?

2017-12-03 Thread Bastian Blank
On Sun, Dec 03, 2017 at 10:41:17AM +, Holger Levsen wrote: > On Sun, Dec 03, 2017 at 12:38:24PM +0800, Paul Wise wrote: > > The Debian buildds only do the first verification (due to all Debian > > package uploader keys not being installed) but the Debian archive > > verifies that all uploads ma

Re: Is packages build without verifying the source package signatures?

2017-12-03 Thread Bastian Blank
On Sun, Dec 03, 2017 at 11:40:31AM +, Holger Levsen wrote: > On Sun, Dec 03, 2017 at 12:05:51PM +0100, Bastian Blank wrote: > > > in practice, this also has obvious flaws. > > Please elaborate. > for a start: one only needs to compromise one machine instead of many... It

Re: Hardening Linux conf

2018-09-03 Thread Bastian Blank
[replying to you also] On Mon, Sep 03, 2018 at 12:48:53PM +0200, Tomas Bortoli wrote: > It allows to quickly find weak spots in Linux configs. Running it against: > https://salsa.debian.org/kernel-team/linux/blob/master/debian/config/config This is not the config of the Debian kernel. And if you

Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi folks Debian currently does Secure Boot signing using a shim chained to the Microsoft key. This use requires that we follow certain rules. And one of the recent changes to those rules states that our method of signing kernel modules also with the same key will not be allowed anymore. Some inf

Re: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi Andreas On Sun, Sep 24, 2023 at 11:10:36PM +0200, Andreas Beckmann wrote: > On 24/09/2023 15.01, Bastian Blank wrote: > > ## Kernel modules will be signed with an ephemeral key > > > > The modules will no longer be signed using the Secure Boot CA like the >

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi Ben On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote: > On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote: > > The same upstream version in testing and backports will have the same > > package name. > This is not OK, because they will be incompatibl

Re: Upcoming changes to Debian Linux kernel packages

2023-10-01 Thread Bastian Blank
On Mon, Sep 25, 2023 at 04:35:08AM +0200, Andreas Beckmann wrote: > On 25/09/2023 00.50, Bastian Blank wrote: > > Already built modules remain until someone deletes them. So you can also > > switch back to the still installed older kernel version and it will have > > the

Re: Upcoming changes to Debian Linux kernel packages

2023-10-01 Thread Bastian Blank
Hi Michel On Sun, Oct 01, 2023 at 12:19:22PM +0200, Michel Verdier wrote: > On 2023-10-01, Bastian Blank wrote: > > Ah, here lies the misconception. No, the 6.6 ones are not removed. Why > > should they be? The system knows it can't rebuild them. > As the old kernel d

Re: Upcoming changes to Debian Linux kernel packages

2023-10-03 Thread Bastian Blank
Hi Sam On Tue, Oct 03, 2023 at 08:31:57AM -0600, Sam Hartman wrote: > I still think it would help if you would work more on articulating what > problem you are trying to solve with the linux-headers versioning > change. I have read multiple versions of this proposal, and your > follow-ups, and I

Re: Upcoming changes to Debian Linux kernel packages

2023-10-04 Thread Bastian Blank
Hi Andreas On Tue, Oct 03, 2023 at 11:58:29PM +0200, Andreas Beckmann wrote: > That should solve the problem where several source packages need to be > updated together. The problem does not come from multiple source packages that need to be updated together. Instead it comes from the way Debian

Re: Upcoming changes to Debian Linux kernel packages

2023-10-04 Thread Bastian Blank
On Tue, Oct 03, 2023 at 03:00:53PM -0500, Robert Nelson wrote: > On Tue, Oct 3, 2023 at 2:54 PM Adrian Bunk wrote: > > How will the user get the headers matching this previously-used kernel > > that are required until we provide a kernel with the regression fixed? The same as now: nowhere, becaus

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-10-05 Thread Bastian Blank
Hi On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote: > > Multiple uploads of the same upstream version will have > > the same package name, but those rarely happen. > Those happen fairly often for urgent security updates. We could encode that in the upstream version. Aka to have co

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-10-07 Thread Bastian Blank
Moin On Sun, Sep 24, 2023 at 03:01:51PM +0200, Bastian Blank wrote: > ## Kernel modules will be signed with an ephemeral key This is now https://salsa.debian.org/kernel-team/linux/-/merge_requests/607. > ## Image packages contain more version info > > Example: linux-image-6.5.3

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-10-20 Thread Bastian Blank
[ Removing some lists ] On Sat, Oct 07, 2023 at 04:53:33PM +0200, Bastian Blank wrote: > > ## Image packages contain more version info > > > > Example: linux-image-6.5.3-cloud-arm64 > > > It will no longer be possible to reliably derive the package name from >

Re: Upcoming changes to Debian Linux kernel packages

2023-10-26 Thread Bastian Blank
On Thu, Oct 05, 2023 at 07:59:54AM -0600, Sam Hartman wrote: > I think that's what you mean by the first-level error. > If not, I'm still confused. > In the second level error case you are talking about is: No, the first level is always: but the new kernel does not work. The second is: I need to u

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-10-27 Thread Bastian Blank
On Fri, Oct 27, 2023 at 08:43:46AM +0200, Julian Andres Klode wrote: > > > ## Image packages contain more version info > > > > > > Example: linux-image-6.5.3-cloud-arm64 > > > > > It will no longer be possible to reliably derive the package name from > > > kernel release (see above), as both va

[arm64] secure boot breach via VFIO_NOIOMMU

2023-12-13 Thread Bastian Blank
Hi Over six years ago, support for VFIO without IOMMU was enabled for arm64. This is a breach of the integrity lockdown requirement of secure boot. VFIO is a framework for handling devices in userspace. To make this safe, an IOMMU is required by default. Without it, user space can write everywhe

Re: MAC-based ssh

2003-05-02 Thread Bastian Blank
On Fri, May 02, 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote: > My company has created an application that allows remote users to edit > their DNS-records. This app needs to restart bind on the remote nameservers. bind never needs to be restarted, use rndc or dns updates with key. bastian -

Re: harden-* conflict with bad kernels?

2003-12-08 Thread Bastian Blank
On Mon, Dec 08, 2003 at 03:22:34AM -0600, Ryan Underwood wrote: > harden-localflaws package conflicts with some kernel-image packages > (needs to be updated for the <2.4.23 vulnerability) in order to ensure > that they are removed. They are not vulnerable on at least 3 architectures, Debian suppor

Re: CVS server in a user-mode-linux

2003-12-19 Thread Bastian Blank
On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > The only problem is that the server needs write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > found a way to only allow the server to create locks, but to change > nothing else. y

Re: strange apache error.log entry

2004-01-21 Thread Bastian Blank
On Wed, Jan 21, 2004 at 12:04:58PM +1100, Russell Coker wrote: > Looks like they used wget to download psybnc, it's an IRC bot. No, psybnc is an IRC bouncer and the archive includes a binary and the sources: | $ file psybnc | psybnc: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for

Re: Help! File permissions keep changing...

2004-02-18 Thread Bastian Blank
On Thu, Feb 19, 2004 at 12:19:31AM +1100, Russell Coker wrote: > Regardless, you will still have the same problem if a user creates hard links > to files owned by another user (presuming that you don't have a mount point > per user or a file system such as NFS that doesn't support hard-links). N

Re: postfix in qmail out proftpd in pureftpd

2002-10-02 Thread Bastian Blank
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote: > On Wednesday, 02 October 2002, at 20:21:26 +0200, > jernej horvat wrote: > > > so to you a reward is proof of security ? :-] > At least not for me. But a reward offered 5 years ago that not only > hasn't been awarded, but

Re: forming a security team for testing

2004-10-29 Thread Bastian Blank
On Thu, Oct 28, 2004 at 05:43:55PM -0400, Joey Hess wrote: > Current list of security problems apparently unfixed in sarge: kernel-image-2.6.8-s390, CAN-2004-0887 Bastian -- War isn't a good life, but it's life. -- Kirk, "A Private Little War", stardate 4211.8

Re: xpdf vulnerability?

2005-03-22 Thread Bastian Blank
On Fri, Mar 18, 2005 at 12:04:21PM -0500, Hubert Chan wrote: > (which, if you're using from C++ code, you'll > have to #define __STDC_LIMIT_MACROS before you include stdint.h). This name is reserved. It is undefined behaviour if you define it. Bastian -- You! What PLANE

Re: post-fix-upgrade procedures notification

2005-04-05 Thread Bastian Blank
On Tue, Apr 05, 2005 at 08:28:36AM +0300, Riku Valli wrote: > So I recommend when that happens in DSA or package is lsof |grep DEL|more > reminder at least. lsof +L 1 lists any open file with link count 0. Bastian -- A princess should not be afraid -- not with a brave knight to protect her.

Re: Firewall and IPv6

2001-01-30 Thread Bastian Blank
On Mon, Jan 29, 2001 at 10:10:34PM +0100, NDSoftware wrote: > I have ipchains under Debian 2.2. > Is this firewall compatible with IPv6? no, you must use netfilter bastian -- Each kiss is as the first. -- Miramanee, Kirk's wife, "The Paradise Syndrome", stardate 4

Re: sha256 load module error

2008-09-03 Thread Bastian Blank
On Wed, Sep 03, 2008 at 12:17:23AM +0300, Alexander Golovin wrote: > I've tried to load modules for my partition encryption, and had an > error: > #modprobe sha256 > WARNING: Error inserting padlock_sha > (/lib/modules/2.6.26-1-686/kernel/drivers/crypto/padlock-sha.ko): No such > device Where

Re: 256-bit Camellia vs 256-bit AES - Which is better?

2009-02-18 Thread Bastian Blank
On Tue, Feb 17, 2009 at 07:08:31PM -0500, Shailesh Rangari wrote: > - both use the 'Feistel Network' (first used in Lucifer & DES). Its > essence is Decryption is done by Reversing the order of Encryption. No, AES uses a SP network. DES uses a Feistel Network. > That leaves us with Side Channel

Re: HEAD's UP: possible 0day SSH exploit in the wild

2009-07-10 Thread Bastian Blank
On Fri, Jul 10, 2009 at 07:31:33AM -0700, Russ Allbery wrote: > Peter Jordan writes: > > We use NFSv4. > I think the current version may have that same problem. Urgs, yes. Bastian -- There is an order of things in this universe. -- Apollo, "Who Mourns for Adonais?" stardate 346

Re: rootkit not found by rkhunter

2009-10-04 Thread Bastian Blank
On Sun, Oct 04, 2009 at 10:15:35AM -0400, Thomas Krichel wrote: > I am running debian testing, 2.6.30 kernel. This kernel lacks a few security fixes. > I have a rootkit installed on a bunch of machines that rkhunter > does not find. This appears after infection with SHV4 / SHV5, > which r

Re: [SRM] clamav 0.94.x EOL

2009-10-08 Thread Bastian Blank
On Thu, Oct 08, 2009 at 12:25:51PM +0200, Tomasz Papszun wrote: > Sorry, it may seem a little harsh, Why? > but the reason is that unless the > majority of ClamAV users upgrade to >= 0.95.x, old freshclams will put > an excessive load on ClamAV database mirror

Re: [SRM] clamav 0.94.x EOL

2009-10-08 Thread Bastian Blank
On Thu, Oct 08, 2009 at 02:11:39PM +0200, Tomasz Papszun wrote: > On Thu, 08 Oct 2009 at 13:09:02 +0200, Bastian Blank wrote: > > On Thu, Oct 08, 2009 at 12:25:51PM +0200, Tomasz Papszun wrote: > > > Sorry, it may seem a little harsh, > > Why? > Well, from the Paul'

Re: About how to protect network resources in LDAP environment?

2010-08-27 Thread Bastian Blank
On Fri, Aug 27, 2010 at 12:06:50PM -0400, Min Wang wrote: > I have the following set up: > Multiple Linux PCs use OpenLdap to authenticate, and mount /home to NFS > server Use Kerberos for NFS authentication. Bastian -- A little suffering is good for the soul. -- Kirk, "The Corbomi

Re: Long Exim break-in analysis

2010-12-22 Thread Bastian Blank
On Wed, Dec 22, 2010 at 10:18:50AM +0100, Bernhard R. Link wrote: > That said, having /tmp noexec,nosuid and /var nosuid will only make some > script-kiddies slower and the more people use it the less it helps. It is a start. > As long as you have things like /dev/shm world-writeable and not > mo

Re: Long Exim break-in analysis

2010-12-22 Thread Bastian Blank
On Wed, Dec 22, 2010 at 01:42:03PM +0200, Izak Burger wrote: > The usual process related things replaced: > free pgrep pmap skill snice tload uptime w > kill pkill ps slabtop sysctl top vmstat watch This looks like the rootkit I found somewhere in the internet: | 137a3bbda1603

Re: Long Exim break-in analysis

2010-12-23 Thread Bastian Blank
On Thu, Dec 23, 2010 at 12:54:44PM +0100, Bernhard R. Link wrote: > * Bastian Blank [101222 11:30]: > > On Wed, Dec 22, 2010 at 10:18:50AM +0100, Bernhard R. Link wrote: > > > That said, having /tmp noexec,nosuid and /var nosuid will only make some > > > script-kiddies

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Bastian Blank
On Wed, Feb 01, 2012 at 10:34:28AM +0100, Wouter Verhelst wrote: > Well, that's what we have the 'linux-source' packages for: to allow > other packages to build-depend on them. Since 3.1 or so it is no longer possible to use this package as source in terms of the GPL like the udebs have done for

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-03 Thread Bastian Blank
On Wed, Feb 01, 2012 at 10:50:07PM +0100, Yves-Alexis Perez wrote: > On mer., 2012-02-01 at 19:14 +0100, Bastian Blank wrote: > > Since 3.1 or so it is no longer possible to use this package as source > > in terms of the GPL like the udebs have done for several releases. > Could

Re: How (un)safe would Debian be when only using the security.debian.org repository?

2013-11-11 Thread Bastian Blank
On Mon, Nov 11, 2013 at 04:56:27PM -0500, Michael Gilbert wrote: > That isn't quite right since excepting mistakes, security updates will > never require packages outside the security archive. This is incorrect: | Package: asterisk-mysql | Depends: […] libc6 (>= 2.4), […] | $ apt-cache policy as

Re: End-user laptop firewall available?

2013-12-08 Thread Bastian Blank
On Sat, Dec 07, 2013 at 10:55:30AM -0600, Richard Owlett wrote: > Any help/direction appreciated. The answer is: None. If you don't have anything listening on the network, nothing can be accessed anyway. Bastian -- Where there's no emotion, there's no motive for violence. -- Spock,

Re: Firewall and IPv6

2001-01-29 Thread Bastian Blank
On Mon, Jan 29, 2001 at 10:10:34PM +0100, NDSoftware wrote: > I have ipchains under Debian 2.2. > Is this firewall compatible with IPv6? no, you must use netfilter bastian -- Each kiss is as the first. -- Miramanee, Kirk's wife, "The Paradise Syndrome", stardate

Re: Using BIND in a chroot enviro?

2001-07-01 Thread Bastian Blank
On Sun, Jul 01, 2001 at 08:47:30PM -0700, Jamie Heilman wrote: > I'm not sure it's even worth mentioning this, but it's a thread on security > and BIND, so here's the ob. plug for Something Better(tm): > http://cr.yp.to/djbdns.html forget it. 1. non-free 2. author write like "alle shit then my" >
