Clemens Bier <[EMAIL PROTECTED]> writes:
> So, now we come to the point:
> When I integrate my script into /etc/init.d as one of the startup
> scripts, I get the following error message during boot time
>
> cannot open '/dev/tty' : no such device or address
> Error: Password must be at least 20
Philippe Troin <[EMAIL PROTECTED]> writes:
> Greg Deitrick <[EMAIL PROTECTED]> writes:
>
>> Hello,
>>
>> What is the recommended method for securely creating a temporary named pipe
>> in
>> C code?
>>
>> Looking at the man pages for various library calls it appears that
>> tmpfile(3)
>> is p
Jarosław Tabor <[EMAIL PROTECTED]> writes:
> Hi all!
>
> I've some private network, not connected to internet. The only way to
> install something is to bring software on CD.
> Is there any way to download all security updates into CD, so I'll be
> able to apt-get them ?
>
> thanks in adva
Karsten Dambekalns <[EMAIL PROTECTED]> writes:
> Hi.
>
> On Thursday 21 July 2005 20:31, Andras Got wrote:
>> The users, the ones the machines was hacked, were they existing users on
>> the machine?
>
> I don't know which user account got hacked, if this was what has happened.
Did you check the l
Goswin von Brederlow <[EMAIL PROTECTED]> writes:
> Karsten Dambekalns <[EMAIL PROTECTED]> writes:
>
>> Hi.
>>
>> On Thursday 21 July 2005 20:31, Andras Got wrote:
>>> The users, the ones the machines was hacked, were they existing users on
>>
Tomas Fasth <[EMAIL PROTECTED]> writes:
> Hello,
>
> This letter is addressed to the monotone mailing list as well as the
> debian maintainer of the lua shared library in Debian and the
> debian-security mailing list.
>
> Background:
> Monotone is currently linked statically against its own copy
Paul Gear <[EMAIL PROTECTED]> writes:
> Alvin Oga wrote:
>>
>> On Sun, 28 Aug 2005, Florian Weimer wrote:
>>
>>
>>>AFAIK, you can only blame the security team for lack of communication.
>>
>>
>> nah ... they're doing fine .. to the extent is needed ??
>>
>> if it's important... they will pos
Andreas Barth <[EMAIL PROTECTED]> writes:
> * Bob Tanner ([EMAIL PROTECTED]) [050920 16:39]:
>> Same here. Reach out to the community and let us help.
>
> Well, the basic problem with mirrors is:
> * How can we be sure that all mirrors are synced _very_ fast? We will
> probably get more negativ
"Michel Messerschmidt" <[EMAIL PROTECTED]> writes:
> Neal Murphy said:
>> The point is to obscure the ssh server from everyone, including those
> who
>> are authorized to access it remotely.
>
> You're right, this is just the old idea of "security by obscurity".
And quite pointless. Better instal
Michael Stone <[EMAIL PROTECTED]> writes:
> On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
>> Yes, allowing UDP packets in is, in a sense, an open port, but it's
>> a one-way port. UDP packets have a fixed maximum size and the
>> information carried in the packet is trivial in nature
Michael Stone <[EMAIL PROTECTED]> writes:
> On Wed, Mar 15, 2006 at 02:35:53PM +0100, Goswin von Brederlow wrote:
>>Michael Stone <[EMAIL PROTECTED]> writes:
>>> No, anyone can generate encrypted parts. IMHO, there's not much chance
>>> that the decr
Julien Danjou <[EMAIL PROTECTED]> writes:
> On Fri, Mar 24, 2006 at 03:53:03PM +0100, Martin Zobel-Helas wrote:
>> Looks like just rebuilding the security version resolves that error, for
>> whatever reason. Julien and me just cross checked that and got the same
>> result.
>
> We tried to reproduc
Martin Zobel-Helas <[EMAIL PROTECTED]> writes:
> Hi Andi,
>
> On Monday, 27 Mar 2006, you wrote:
>> * Martin Zobel-Helas ([EMAIL PROTECTED]) [060324 16:00]:
>> > Looks like just rebuilding the security version resolves that error, for
>> > whatever reason. Julien and me just cross checked that and
Hi,
I took over the ITP for Lustre from <> and recently <> also showed
interest in this. Both of us use Lustre at work so there will be some
paid time spent on keeping this current.
Now to my question. Lustre needs a specially patched kernel and builds
a ton (~100MB uncompressed) of kernel module
Sorry, I hit the wrong button (send instead of save) so here we go again:
Hi,
I took over the ITP (237713) for Lustre from Andres Salomon and
recently Alastair McKinstry also showed interest in this. Both of us
use Lustre at work so there will be some paid time spent on keeping
this current.
No
dann frazier <[EMAIL PROTECTED]> writes:
> How big is the patchset these days, and what does it touch? I haven't
> messed with Lustre since 2.4.20 where the core patches were mostly
> adding intents, etc - stuff that I thought had been merged upstream in
> 2.6.
There still is a lot of patching in
dann frazier <[EMAIL PROTECTED]> writes:
> On Wed, Aug 02, 2006 at 11:06:23AM +, Bastian Blank wrote:
>> If you want to be correct, you can't use linux-source. So the security
>> team have to support another kernel source.
>
> A kernel-patch package that applies on top of the kernel team's
> l
Florent Rougon <[EMAIL PROTECTED]> writes:
> Florent Rougon <[EMAIL PROTECTED]> wrote:
>
>> Is it possible for a malicious su wrapper to:
>>
>> 1. record root's password (of course, yes);
>>
>> 2. *and then* feed this password to the real "su".
>>
>> I suspect the real "su" empties the stdin b
"Izak Burger" <[EMAIL PROTECTED]> writes:
> On 8/26/06, Michelle Konzack <[EMAIL PROTECTED]> wrote:
>> Never had autoinstalled nfs-common and lpr...
>
> Those are definitely installed by default, at least in stable, or it
> was installed the last time I installed stable. IIRC so is
> nfs-kernel-se
martin f krafft <[EMAIL PROTECTED]> writes:
> also sprach Lestat V <[EMAIL PROTECTED]> [2006.10.18.0509 +0200]:
>> Can it be normal? Or what may be going on my computer and the LAN?
>
> Yes, this can happen. I suggest you use the ifupdown pre-up hook to
> change them on each machine.
>
> iface eth
Bernd Eckenfels <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]> you wrote:
>> I don't understand why DSAs for etch include md5sums and manual upgrade
>> instructions at all. Apt can verify the checksum and gpg signature and
>> handle the upgrade after all, and probably more securely t
Vladimir Strycek <[EMAIL PROTECTED]> writes:
> Hi all,
>
> I'm curious, I heard that it's possible to encrypt drives in debian or
> any linux. But how does it work? I mean do I have to enter password
> all the time when I want to boot server? or it's just for some
> special partition?
>
> Any pra
Russell Coker <[EMAIL PROTECTED]> writes:
> On Monday 02 July 2007 11:35, Anders Breindahl <[EMAIL PROTECTED]> wrote:
>> In servers, you might want to trust physical security, since
>> whole-system encryption incurs a performance degradation. (However, on a
>> reasonably recent system, you still w
Martin Zobel-Helas <[EMAIL PROTECTED]> writes:
> Hi,
>
> On Wed Aug 15, 2007 at 10:54:02 +0200, Hadmut Danisch wrote:
>> Hi,
>>
>> just a question because someone had asked me for help. The problem was
>> that apt-get update had complained about not being able to verify
>> signatures due to a m
Dimitar Dobrev <[EMAIL PROTECTED]> writes:
> Hi All,
>
> i have build my kernel from source 2.6.18 + debian patches. But after
> every step when configuring the RAID i have rebuild it -
>
> |mkinitrd -o /boot/initrd.img-2.6.18-temp /lib/modules/2.6.18/
> cp ||/boot/initrd.img-2.6.18-temp ||boot/in
"Alexander Konovalenko" <[EMAIL PROTECTED]> writes:
> I would like to verify that some .deb files I downloaded a while ago
> (using apt) haven't been tampered with. (Actually, I'll be doing this
> kind of thing more than once.) I have the appropriate Release,
> Release.gpg and Packages files.
>Fr
Hi,
FTP-master asked me on irc to get permission from you (debian-security)
for splitting up ia32-libs into multiple source packages before going
any further.
The ia32-libs package provides 32bit i486 legacy support for amd64 and
ia64 so that users can run software that is only available in
32bit
Rich Healey <[EMAIL PROTECTED]> writes:
> Dominic Hargreaves wrote:
>> Hello,
>>
>> I'm shortly going to be deploying a new general purpose login host on
>> etch. As our old system is i386 and our new system amd64, I have
>> installed the ia32-libs package, to give user-compiled code a chance of
Stefan Tichy <[EMAIL PROTECTED]> writes:
> Hi,
>
> the problem may be the result of proxy usage or even improper proxy
> configuration, but apt-get should complain if something is wrong.
>
> Etch is installed on the system and "apt-get update" did fetch
> Release and Release.gpg from security.debi
Stefan Tichy <[EMAIL PROTECTED]> writes:
> On Sat, May 03, 2008 at 10:17:00PM +0200, Goswin von Brederlow wrote:
>> Does it complain about the md5sum/size of the file?
>
> No, it seems to be perfectly satisfied. No error message, exit
> status 0.
>
>
>
Stefan Tichy <[EMAIL PROTECTED]> writes:
> On Sun, May 04, 2008 at 06:50:35PM +0200, Goswin von Brederlow wrote:
>> Does the file actually differ?
>
> security.debian.org_dists_etch_updates_main_binary-i386_Packages
>
> Yes, it has been modified.
I meant what Rel
Bernd Eckenfels <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]> you wrote:
>> Apt-get should not even send an "If-Modified" query imho. After
>> fetching the Release file it already knows with near certainty if the
>> local file is current or not. It should check the Checksums of the
"Cameron Dale" <[EMAIL PROTECTED]> writes:
> On 5/4/08, Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
>> But you are right. There is something wrong here that is not squid's
>> fault:
>>
>> Apt-get should not even send an "If-Modifi
"Cameron Dale" <[EMAIL PROTECTED]> writes:
> On 5/7/08, Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
>> "Cameron Dale" <[EMAIL PROTECTED]> writes:
>> > 3) getting an HTTP 304 response may be faster than hashing a 20 MB
>> >
Bodo Moeller <[EMAIL PROTECTED]> writes:
> This much, by the way, should be very clear to anyone who has read the
> OpenSSL PRNG's source code comments ;-) Anyone who'd look at the
> calling code responsible for the Valgrind warning would have found
> a comment regarding this peculiar behavior.
Micah Anderson <[EMAIL PROTECTED]> writes:
> * Michael Stone <[EMAIL PROTECTED]> [2008-07-17 08:09-0400]:
>> On Thu, Jul 17, 2008 at 04:46:54PM +0200, Daniel Leidert wrote:
>>> Today there were some news about a study from the University of Arizona
>>> regarding security issues with package manage
"Jim Popovitch" <[EMAIL PROTECTED]> writes:
> On Thu, Jul 17, 2008 at 3:43 PM, Goswin von Brederlow <[EMAIL PROTECTED]>
> wrote:
>> The simple solution would be to create a Timestamp.gpg file that is
>> signed daily (as opposed to Release.gpg being sig
Michael Stone <[EMAIL PROTECTED]> writes:
> On Thu, Jul 17, 2008 at 11:30:12AM -0400, Micah Anderson wrote:
>>Although PGP-signed Release file prevent tampering with files, the
>>attack doesn't require tampering with files or tampering with signed
>>release files. If I were to MitM security.debian
Russ Allbery <[EMAIL PROTECTED]> writes:
> Michael Stone <[EMAIL PROTECTED]> writes:
>> On Thu, Jul 17, 2008 at 03:54:02PM -0400, Jim Popovitch wrote:
>
>>> But as long as Release.gpg/Timestamp.gpg are local to the mirror(s),
>>> and not only on a master, the various .gpg files and packages can, e
Michael Stone <[EMAIL PROTECTED]> writes:
> On Fri, Jul 18, 2008 at 01:17:43PM +0200, Goswin von Brederlow wrote:
>>Or just one DNS server or even just the users client.
>
> You'd also have to keep the DNS server wrong. Doing this in a manner
> that people don
Russell Coker <[EMAIL PROTECTED]> writes:
> On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote:
> > To stay on topic, I'm for keeping /usr and /usr/local read-only,
> > because really nothing should update them except for a few
> > programs under controlled circumstances (that's what makes
> > the enfo
Michael Stone <[EMAIL PROTECTED]> writes:
> On Sat, Oct 18, 2003 at 04:05:22AM +0200, Goswin von Brederlow wrote:
> >Mounting stuff read-only also prevents filesystem corruption in case
> > the system does crash
>
>
> A quiescent filesystem isn't going to be
Michael Stone <[EMAIL PROTECTED]> writes:
> On Sat, Oct 18, 2003 at 03:36:50PM +0200, Goswin von Brederlow wrote:
> >Which you get from time to time due to programs opening files
> >read-write when possible, mtime and atime updates etc.
>
> If you actually need to mod
"Michael Sharman" <[EMAIL PROTECTED]> writes:
> >
> > No, it's an argument of efficacy. Removing rw from a mount doesn't
> > remove the ability to write to it for a malicious user. If it
> > gives you
> > warm fuzzies, great, do it. But that's all it's going to do for you.
> >
> > Mike Stone
>
Hans Baume <[EMAIL PROTECTED]> writes:
> Like some others who have mentioned this in the past, I would like
> to mirror security.debian.org for internal use due to the large
> number of Debian boxes at my company and the inconsistent access
> to the important updates residing on that server.
>
no name supplied <[EMAIL PROTECTED]> writes:
> On Mar 28, 2004, at 1:32 AM, Brett Furlong wrote:
> > Got spam through debian security list again...
> [...]
> > is there a way, we can have a human filter all the eMails before they
> > are allowed to be sent to all of us?
>
> When I first read that
Roland Stigge <[EMAIL PROTECTED]> writes:
> Hi,
>
> a user provided a convenience patch[1] for xautolock[2] preventing
> xautolock from starting its configured executable (e.g. xlock) when the
> computer just woke up from sleep.
>
> IMHO this would raise a security issue for people assuming xloc
Philippe Troin <[EMAIL PROTECTED]> writes:
> Greg Deitrick <[EMAIL PROTECTED]> writes:
>
>> Hello,
>>
>> What is the recommended method for securely creating a temporary named pipe in
>> C code?
>>
>> Looking at the man pages for various library calls it appears that tmpfile(3)
>> is probably
martin f krafft <[EMAIL PROTECTED]> writes:
> During the peripheral beer-drinking of the SUCON '04, a colleague of
> mine raised the concern that Debian stable includes binary code
> compiled on untrusted machines. I would like to herewith propose to
> change that for the future.
>
> An upload to D
martin f krafft <[EMAIL PROTECTED]> writes:
> also sprach Goswin von Brederlow <[EMAIL PROTECTED]> [2004.09.05.1807 +0200]:
>> The binary is needed because otherwise the -all packages would be
>> missing and there would be no deb package in the archive holding
>>
Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes:
> [2] Actually, signing releases is not the correct way since auto-builders
> run sid and sid is not a signed release. Apt 0.6 might support signed
> releases but I will not prevent some of the attacks Goswin described.
All packages shou
Michael Stone <[EMAIL PROTECTED]> writes:
> On Sun, Sep 05, 2004 at 06:07:43PM +0200, Goswin von Brederlow wrote:
>>The binary is needed because otherwise the -all packages would be
>>missing and there would be no deb package in the archive holding the
>>source in.
> Florian Weimer wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> -
>> Debian Security Advisory DSA-1833-2 secur...@debian.org
>> http://www.debian.org/security/ Flori
Celejar writes:
> On Tue, 8 Sep 2009 12:01:09 +1000
> Morgan Storey wrote:
>
>> Hi Celejar,
>>
>> You can get him to PGP/GPG sign the package, then just verify it with
>> his public key, or simply mdsum and sha1sum the package. There are MD5
>> collisions so someone could make a package of the
Lee Winter writes:
> The security mirror at security.debian.org appears to have a structure
> that is compatible with the main debian mirrors. If that appearance
> is an accurate reflection of reality then the updates/main/* tree
> should be compatible with the main/* tree. I use the term compa
Russ Allbery writes:
> Lee Winter writes:
>> On Wed, Sep 16, 2009 at 3:54 PM, Russ Allbery wrote:
>
>>> There's a one-to-one correspondence between an entry in sources.list
>>> and the metadata that apt expects to find in the repository, which in
>>> turn is signed. You would have to combine t
Hi,
I've prepared an ia32-libs update [1] meant for the pending Lenny point
release but was too slow and missed the cut. Given the number of
security fixes
* Includes security fixes for:
CVE-2008-3529 CVE-2008-3639 CVE-2008-3640 CVE-2008-3641 CVE-2008-3834
CVE-2008-3964 CVE-2008-4225 C
Brchk05 writes:
> I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the
> enforcement of page permissions. I have written a simple program with a basic
> buffer overflow and compiled two versions using gcc: one with -z execstack and
> another with -z noexecstack.
>
> So, to
Mike Mestnik writes:
> Pascal Weller wrote:
>> Hi All
>>
>> The various tools for integrity checks (aide, integrit, tripwire,
>> etc) do check timestamp, uid/gid, permissions, checksum, inode
>> etc. of the files on a system, compare them to the last known-good
>> state and warn about changes.
>>
Yves-Alexis Perez writes:
> On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
>> On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
>> > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote:
>> > > What is stopping you from creating another package, that provides the
On Mon, Jul 02, 2012 at 12:27:06PM +0200, Bernd Zeimetz wrote:
> On 07/02/2012 10:53 AM, Silvio Cesare wrote:
> > Hi,
> > [ ... ]
> > Now some of these cases are going to be false positives. From looking at
> > the results, many of the vulns were probably fixed but have not been
> > reported in the
69 matches