Re: Debian auditing tool?

2000-12-26 Thread Daniel Ginsburg
On Tue, Dec 26, 2000 at 09:27:53PM +0200, Pavel Minev Penev wrote: > On Tue, Dec 26, 2000 at 05:27:07PM +0300, [EMAIL PROTECTED] wrote: > > Of course plain md5 hashes are not very helpful. But we can keep MAC[1] for > > binaries. Tampering with MAC database is useless. > > > > ... > > > > [1] Messa

Re: Debian auditing tool?

2000-12-26 Thread Daniel Ginsburg
On Tue, Dec 26, 2000 at 10:52:47PM +0100, Christian Kurz wrote: > On 00-12-26 Peter Cordes wrote: > > have produced collisions in MD5. This is a Bad Thing for MD5, but it isn't > > a real break against MD5. It means that you can find two messages that hash > > to the same value. To do so, you _h

Re: Security in a shell that starts ssh

2001-06-13 Thread Daniel Ginsburg
On Wed, Jun 13, 2001 at 10:57:08AM -0500, Steve Greenland wrote: > Tim, good fixups, a few C coding/style nitpicks: > > On 12-Jun-01, 17:57 (CDT), Tim van Erven <[EMAIL PROTECTED]> wrote: > > #include > > #include /* For execlp */ > #include /* For exit */ > > > int main() > > int main(void

Re: Security in a shell that starts ssh

2001-06-13 Thread Daniel Ginsburg
On Wed, Jun 13, 2001 at 02:02:10PM -0500, Steve Greenland wrote: [snip] > I'd still argue that exit(_macro_) is better style than return from > main(), but I'm hard pressed to find a technical argument. > There's a subtle difference between returning from main and calling exit. Excellent explanatio

Re: Security in a shell that starts ssh

2001-06-13 Thread Daniel Ginsburg
On Wed, Jun 13, 2001 at 04:10:27PM -0500, Steve Greenland wrote: > On 13-Jun-01, 13:47 (CDT), Tim van Erven <[EMAIL PROTECTED]> wrote: > > > On Wed, Jun 13, 2001 at 10:57:08AM -0500, Steve Greenland wrote: > > > > > int main() > > > > > > > > int main(void) /* () != (void) in C */ > > > > The

Re: Security in a shell that starts ssh

2001-06-13 Thread Daniel Ginsburg
On Wed, Jun 13, 2001 at 11:34:28PM +0200, Tim van Erven wrote: [snip] > > > > Possible access to unallocated memory if "\0\n" supplied as input. > > > > > > Only if strlen(name) = 0 and besides from being hard to achieve when > > > entering data on stdin, fgets will return 0 if that happens. > >
