Re: auditing users within a jail

2018-03-17 Thread Eitan Adler
setaudit port if Christian decides to pull in my > enhancements. We chatted a bit offline, but thanks for the info! That was really helpful. -- Eitan Adler ___ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freeb

auditing users within a jail

2018-03-11 Thread Eitan Adler
/dev/auditpipe show nothing but "praudit /var/audit/current" show some events? Thanks! -- Eitan Adler ___ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: Ports Secteam

2015-06-10 Thread Eitan Adler
etric when considering > candidates... I agree. I *am* active as a ports-security member: I monitor relevent open & closed security lists for concerns that may affect FreeBSD. In addition I watch pkgng development for new security concerns. That said, I havn't committed to th

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-04 Thread Eitan Adler
On 4 July 2014 02:11, Ben Laurie wrote: > On 3 July 2014 17:07, Jonathan Anderson wrote: >> Eitan Adler wrote: >>> >>> Perhaps we should remove HTTPS support from libfetch and require the >>> user to install wget or curl if they want to use SSL? Having a &g

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-03 Thread Eitan Adler
base system, even in environments where I'd rather use > binary releases and freebsd-update. Lets turn it into a config file then? Why does this have to happen at install time? We are just dealing with defaults here. In general, the default system should Just Wor

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-03 Thread Eitan Adler
m/#!forum/mozilla.dev.security.policy -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Eitan Adler
by default. > If I consider a CA to be trustworthy, I will insert it's certificate to > trusted store. No one is welcomed to make such decision in behalf of me. So remove or edit the defaults. As for #4: I'm not sure I like the port touching the base system (even with an option) b

Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?

2014-04-25 Thread Eitan Adler
> negative may result in incorrect code; therefore it will produce many > false positives. the clang analyzer operates under a different set of constraints and end user vision than a typical compiler. -- Eitan Adler ___ freebsd-security@fr

Re: .rnd file after starting X

2013-10-19 Thread Eitan Adler
On Sun, Oct 20, 2013 at 12:04 AM, Zoran Kolic wrote: > After updating to 9.2 release and upgrading ports, > I had to compile nvidia driver 319.32. Finally, have > graphics up. One file shows out of the blue, when- > ever I run startx, spite I remove it regurarly. The > size is 1024. Man for rand m

Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]

2012-11-20 Thread Eitan Adler
On 20 November 2012 04:54, xenophon\+freebsd wrote: >> As of now: >> >> - SVN is *the* source of truth. > > Would it be possible to publish FreeBSD's Subversion repository using > HTTPS, instead of HTTP? %svn ls https://svn0.us-west.Free

Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident]

2012-11-19 Thread Eitan Adler
others up to date, but fail at times. > Also, local branching and merging is amazing. +1 - but one can always use git-svn. -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To u

Re: Recent security announcement and csup/cvsup?

2012-11-17 Thread Eitan Adler
recommended that you use portsnap or svn if at all possible. As for GNATS, there are plans to eventually move away from GNATS but details have not been decided. -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mail

Re: Opinion on checking return value of setuid(getuid())?

2012-10-02 Thread Eitan Adler
f these in base, but some are the > result of macro expansion so it may not be too bad. Please cc me on the PRs you send. I will take them all and commit them in bunches. Thanks! -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http

Re: Opinion on checking return value of setuid(getuid())?

2012-10-02 Thread Eitan Adler
On 2 October 2012 08:38, Erik Cederstrand wrote: > Den 01/10/2012 kl. 13.55 skrev Eitan Adler : > >> On 1 October 2012 07:08, Konstantin Belousov wrote: >>> I do not believe in the dreadful 'flood ping' security breach. Is a >>> local escalation poss

Re: Opinion on checking return value of setuid(getuid())?

2012-10-01 Thread Eitan Adler
t is a different question how serious the breach is. -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: Default password hash

2012-06-09 Thread Eitan Adler
a >>> sequence of steps not to lock me out of the box. is there any place that >>> documents this ? >> change the users passwd to something new, or just use the old passwd, >> but re-enter it change the default forma

Re: portaudit

2010-10-11 Thread Eitan Adler
s - why is this unlikely to be patched? -- Eitan Adler ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"