Missing binary package security updates?

serious issues like CVE-2014-0160 are found? Right now pkgng binary packages are not really suitable for production use because of lacking essential security updates. (There should be a loud and clear warning about this in the Handbook if it stays this way?) Best Regards, -- Janne Snabb sn

Re: FreeBSD DDoS protection

for more information: http://www.phildev.net/mss/ https://supportforums.cisco.com/docs/DOC-5839 http://www.cymru.com/Documents/icmp-messages.html http://packetlife.net/blog/2008/oct/09/disabling-unreachables-breaks-pmtud/ -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.

Re: getting the running patch level

ease? Or freebsd_release command (shell script) which takes the same flags as lsb_release? -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.com/ ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-sec

Re: [Full-disclosure] nvidia linux binary driver priv escalation exploit

On 08/10/2012 09:35 PM, Simon L. B. Nielsen wrote: [..] > On 08/01/2012 05:09, Oliver Pinter wrote: >> I found this today on FD: >> >> http://seclists.org/fulldisclosure/2012/Aug/4 [..] > Eh, why wouldn't a CVE name not be assigned? If none is we should ask > MITRE to assign one, bu

Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)

On Wed, 11 May 2011, Chris Rees wrote: > On 11 May 2011 06:28, "Janne Snabb" wrote: > > UNIX rm(1) is not opening a pop-up window > > asking "are you sure?" if you do "rm -rf /". > > I suggest you test this assertion I am surprised. I g

Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)

want and should not restrict their freedom to do so. Just my thoughts, -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.com/ ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To

Re: ~/.login_conf mechanism is flawed

something else? Are there any viable alternatives which provide compatible simple interface, simple file format and robustness, with a suitable license? -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.com/ ___ freebsd-s

Re: ~/.login_conf mechanism is flawed

understand, as I am not familiar with it, thus no real solution (from me at least). -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.com/ ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-

Re: ~/.login_conf mechanism is flawed

On Tue, 10 Aug 2010, Janne Snabb wrote: > Looks like the per-user login capability database (~/.login_conf, > ~/.login_conf.db) functionality is creating a vulnerability. Attached is a temporary workaround for anyone who is worried about this problem. It disables per-user login capa

Re: ~/.login_conf mechanism is flawed

similar vulnerability in 4.4-RELEASE, which > allowed > to read any file in system with root privileges: > > http://marc.info/?l=bugtraq&m=100101802423376&w=2 Hehe... I was about to try out this one next. -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.co

~/.login_conf mechanism is flawed

whether the per-user login capabilities should be processed and make it DISABLED default. User-specific .login_conf{,.db} would be processed only if excplicitly enabled by the administrator. I think this bug goes in to a class of local privilege escalation. Am I missing something obvious? Wh