Re: [patch] libcrypt & friends - modular crypt format support in /etc/login.conf

2015-02-14 Thread Jilles Tjoelker
alt, not a secret, so clearing it afterwards is unnecessary. Consider memcpy() and adding '\0' afterward instead of strncpy(). It seems unnecessary to clear the buffer completely. -- Jilles Tjoelker ___ freebsd-security@freebsd.org mailing lis

Re: OpenSSL end of life

2014-06-12 Thread Jilles Tjoelker
llows multiple versions of the same symbol). -- Jilles Tjoelker

Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl

2014-06-08 Thread Jilles Tjoelker
rting a "vulnerable" version of OpenSSL isn't > reassuring to other folks. Yes, this is expected and common practice. Perhaps the version number should instead be removed in head given that it is not updated for security patches anyway. -- Jilles Tjoelker

Re: [kde-freebsd] virtualbox file dialog problem

2013-08-28 Thread Jilles Tjoelker
appropriate. This does not require invasive changes to VirtualBox, and if you want a secure system you do not install VirtualBox anyway. This subversion could be done by overwriting the code of issetugid() or by inserting a dummy implementation of issetugid() with FBSD_1.0 version before libc.

Re: svn commit: r239598 - head/etc/rc.d

2012-09-06 Thread Jilles Tjoelker
CPU cores. The 'cp_times' output has five numbers for each core. For example, in the '-' lines below, 568 + 36 = 604. > @@ -1,2 +1,2 @@ > -kern.cp_times: 4 0 568 3 548 22 0 36 42 397 > -kern.cp_time: 26 0 604 45 945 > +kern.cp_times: 102 0 636 6 8801479 104 0 126

Re: getting the running patch level

2012-08-19 Thread Jilles Tjoelker
mergemaster and freebsd-update must not bother the admin about it. If all files under /etc are considered "configuration files", then perhaps a different location is better. -- Jilles Tjoelker

Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)

2011-05-10 Thread Jilles Tjoelker
filesystem is 755, everyone can use pathnames under /usr but only root can use /usr/.. which is confusing and undesirable. > I always make mount-points 0111 these days I'd recommend to keep doing that :) -- Jilles Tjoelker

Re: Incorrect (?) documentation for setreuid(2) could lead to security issues for user code

2009-01-17 Thread Jilles Tjoelker
because the setresuid() function is easy to understand and consistent in general, but unfortunately not as portable. Swapping real and effective UIDs to relinquish privileges temporarily is inferior to seteuid(). -- Jilles Tjoelker

Re: /etc/rc.bsdextended: am I misunderstanding this..?

2005-04-11 Thread Jilles Tjoelker
ess is allowed only if both the normal filesystem permissions and ugidfw permit it. -- Jilles Tjoelker