Re: SELinux on Squeeze?

2011-12-31 Thread Russell Coker
On Sat, 31 Dec 2011, Laurentiu Pancescu wrote: > effective). I tested Exec-shield in Debian a few years ago, with and > without SELinux, it makes a big difference: I just did a quick test on an i386 system with PAE running a 686 Squeeze kernel. SE Linux enforcing vs permissive made no differen

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Russell Coker
On Thu, 2 Feb 2012, dann frazier wrote: > While it may help the kernel team to not have to worry about problems > in the grsec flavor when preparing uploads, preventing delays for the > non-grsec images. But, that just pushes the coordination down a ways - > for stable updates we would need to ad

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-02 Thread Russell Coker
On Fri, 3 Feb 2012, Christoph Anton Mitterer wrote: > Wasn't it once the case with PaX that packages have to be compiled > specially? Or some ELF headers added or so? Some shared libraries have code which can't be run without an executable stack, it's a small number of libraries that are written

Re: how to fix rootkit?

2012-02-08 Thread Russell Coker
On Thu, 9 Feb 2012, Stephen Hemminger wrote: > The advice I heard is trust nothing (even reflash the BIOS). Do you know of any real-world exploits that involve replacing the BIOS? It's been theoretically possible for a long time but I haven't seen any references to it being done. Also one thi

Re: how to fix rootkit?

2012-02-08 Thread Russell Coker
On Thu, 9 Feb 2012, Jason Fergus wrote: > Out of curiosity, couldn't one technically boot up a liveCD, mount the > drive(s) and then download the .debs individually, then extract them > over the mounted partitions, effectively copying over all of the > binaries. There is the possibility of SUID b

Re: how to fix rootkit?

2012-02-09 Thread Russell Coker
On Thu, 9 Feb 2012, "Milan P. Stanic" wrote: > On Wed, 2012-02-08 at 17:56, Fernando Mercês wrote: > > I think you're talking about syscall interceptions and related stuff. > > You're right, we can't trust, but in this case we're talking about > > a very specialized malware and I don't see any

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
On Fri, 2 Mar 2012, Jordon Bedwell wrote: > > Run the command below. > > > > grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $? > > > > If you don't get 1 as output, your sshd is compromised. > > It returned 1, this happens on freshly installed Debian and Ubuntu too > though, tested

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
On Fri, 2 Mar 2012, Mike Mestnik wrote: > > I'd like to have OpenSSH log the email address field from a key that was > > used for login so I could see something like "ssh key > > russ...@coker.com.au was used to login to account rjc" in my logs. > > > From what I know that information (the comment

Re: Dedicated server vs. VPS

2012-03-04 Thread Russell Coker
On Mon, 5 Mar 2012, Stayvoid wrote: > Which one is more secure? The one that is run by the most skilled people who devote the most resources to making it secure. But this is nothing to do with the debian-security list. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghtt

Re: Security Implications of DKMS?

2012-03-27 Thread Russell Coker
On Tue, 27 Mar 2012, David Ehle wrote: > Isn't having compilers/build tools considered a security "no no" if > possible to avoid? There have been some attacks on systems which have relied on the presence of various compilers and interpreters, the best known example is the Morris Worm. But the

Re: About audit2allow generated rules

2012-04-25 Thread Russell Coker
On Thu, 26 Apr 2012, Min Wang wrote: > I have something in /var/log/audit/audit.log like: > > avc: denied { write } for pid=23739 comm="httpd" name="renderd.sock" >dev=dm-0 ino=1183752 scontext=unconfined_u:system_r:httpd_t:s0 >tcontext=unconfined_u:object_r:var_run_t:s0 tclass=s

Re: About audit2allow generated rules

2012-04-26 Thread Russell Coker
On Fri, 27 Apr 2012, Min Wang wrote: > just wondering where is the tclass=sock_file defined? In the refpolicy source it is in policy/flask/access_vectors. > basically I have apache mod_tile want to access > > /var/run/renderd/renderd.sock (from renderd) > > ls -lZ /var/run/renderd/ >

Re: flashplugin-nonfree get-upstream-version.pl security concern

2012-12-12 Thread Russell Coker
On Thu, 13 Dec 2012, Moritz Mühlenhoff wrote: > Plus, installing Flash opens the Pandora's box anyway When a user runs a web browser that calls the Flash plugin then that user session is exposed to the risk of a compromised Adobe web site etc. When the user visits a potentially hostile web sit

Re: NSA software in Debian

2014-01-21 Thread Russell Coker
On Sun, 19 Jan 2014, Marco Saller wrote: > I am not sure if this question has been asked or answered yet, please do > not mind if I would ask it again. Is it possible that the NSA or other > services included investigative software in some Debian packages? It is possible that a DD has betrayed th

Re: NSA software in Debian

2014-01-28 Thread Russell Coker
On Fri, 24 Jan 2014, Marko Randjelovic wrote: > > I would also like this. Yesterday I started compiling 3.2.54 with grsec > > and PaX. A ready debian kernel(-source) with grsec and PaX would be > > fine. Currently I am distributing my special packages via my own > > repository - is there any conce

Re: Securing bind..

2001-12-30 Thread Russell Coker
On Sun, 30 Dec 2001 11:18, Petre Daniel wrote: > Well, I know Karsten's on my back and all, but I have not much time to > learn, and too many things to do at my firm, so I am asking if one of you has > any idea how can bind be protected against that DoS attack and if someone > has some good firewall f

Re: Securing bind..

2001-12-30 Thread Russell Coker
On Sun, 30 Dec 2001 16:17, Jor-el wrote: > On Sun, 30 Dec 2001, Russell Coker wrote: > > Also don't allow recursion from outside machines. > > Why does this help? When someone sends a recursive query to your server then they know (with a good degree of accuracy) what requ

Re: virtual hosting

2002-03-26 Thread Russell Coker
On Tue, 26 Mar 2002 15:49, Michal Novotny wrote: > It is possible to make virtual web hosting (apache) in chroot jail? Yes. Just install complete copies of Debian in the chroot jails. > There is a little problem with about 1500 domains/clients. > How can I set it up (with perl/php/ssi/ssl/cgi/f
