On Wed, May 23, 2018, at 16:40, Mark Felder wrote:
> Additionally, making password hashing more
>
Mailman came to the door and my barking dog interrupted my train of thought :-)
I believe what I was going for was in reference to the bugzilla report, so I'll
try again:
Additiona
s/
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=75934 is the original
report about the issue
--
Mark Felder
ports-secteam & portmgr member
f...@freebsd.org
___
freebsd-security@freebs
On Sun, Jan 1, 2017, at 04:17, mokhi wrote:
> Happy new year :)
> > As of January 1, 2017, FreeBSD 9.3, 10.1 and 10.2 have reached end-of-life
> Does it mean it's no longer needed to test/poudriere the ports I
> patch/maintain for 9.X?
>
Correct
--
Mark Felder
p
rt PkgBase for
> releases as well as for stable/current?
> E.g. FreeBSD-libxo-12.0_2, FreeBSD-libxo-12.0.s20160903042939
>
I don't know if it will be possible to match for stable/current users.
Depends on the versioning scheme.
--
Mark Felder
ports-secteam member
f...@freebs
On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
> I am not sure if this is the right list or not. If not, please redirect
> me to the right one.
>
> I noticed this post from Mark Felder
> https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities
gations that do not
> require patches.
>
I already solved your #2 problem:
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
#3 is being reviewed by secteam/core, so I think we're well on our way
to solving these concerns.
--
Mark Fel
d here. Instead we need to focus
on decoupling openssl from base so this can all be handled by ports.
--
Mark Felder
f...@feld.me
put it aside, despite large
> swathes of it being well over my head.
>
I agree, this is fantastic!
--
Mark Felder
ports-secteam member
f...@freebsd.org
ilable on the master mirror they
should be distributed within a few minutes.
I have emailed secteam@ about it but have not yet heard back.
--
Mark Felder
ports-secteam member
f...@freebsd.org
reeBSD 9.x -
> I understand why it wouldn't for FreeBSD 10).
>
Good question. I just checked a 9.3 jail and the version is 9.9.5 so it
should be affected.
--
Mark Felder
ports-secteam member
f...@freebsd.org
deploy FreeBSD
> and provide a safe default. The patch itself DOES NOT fix the
> permissions for existing installations.
>
Are we paranoid of breaking someone's special snowflake install, or is
freebsd-update unable to only do a permissions change?
--
Mark Felder
p
date to
update it and then IDS to verify it.
If you have a 10.2-RELEASE host and a 9.3-RELEASE jail you would do
this:
$ UNAME_r=9.3-RELEASE freebsd-update -d /path/to/jail fetch install
$ UNAME_r=9.3-RELEASE freebsd-update -d /path/to/jail IDS
--
Mark Felder
ports-secteam member
/release-pkg dir in -CURRENT.
>
> Any recommendations as to how we might help this particular effort?
>
What do you mean? It has been there for a while
https://svnweb.freebsd.org/base/projects/release-pkg/
--
Mark Felder
ports-secteam member
f...@freebsd.org
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
o the other openjdks need to be listed as
affected as well?
https://svnweb.freebsd.org/ports?view=revision&revision=403819
--
Mark Felder
f...@feld.me
don't
foresee myself updating the port, but I can get a vuxml entry added.
--
Mark Felder
f...@feld.me
hat gets updated every time there's a new release.
--
Mark Felder
f...@feld.me
lly annoying. 8u72 won't be available until *January* ?!
http://openjdk.java.net/projects/jdk8u/releases/8u72.html
--
Mark Felder
ports-secteam member
f...@freebsd.org
ssh
> from ports. Which does not generate warnings I have questions about the
> originating ip-nr.
>
> >> Are they still willing to accept changes to the old version that is
> >> currently in base?
> >
> > No, why would they do that?
>
> Exactly my question
ou know the target(s) will go there. HTTPS is irrelevant.
https://en.wikipedia.org/wiki/Watering_Hole
--
Mark Felder
ports-secteam member
f...@freebsd.org
On Fri, Sep 18, 2015, at 07:21, Mark Felder wrote:
>
> > Same goes for use of svn, which has no native
> > signable hashed commit graph, as freebsd's
> > canonical repo... instead of git which does.
> >
>
> svn is available over https
>
I got cau
need to solve backdoored hardware.
> These days these flaws are more than a bit ridiculous,
> especially for an OS, which by definition [excepting
> the hardware] should be your root of trust.
>
> Can we get a wiki project page and some traction on this?
> Thanks.
>
htt
On Fri, Aug 14, 2015, at 12:31, Mason Loring Bliss wrote:
>
> > The packages are there, so I don't understand how you observe these
> > packages to still be vulnerable.
>
> How about, two of them were vulnerable until I wrote to the list with the
> dismaying thought that we were going to ship v
On Thu, Aug 13, 2015, at 15:20, Mason Loring Bliss wrote:
> A recent quarterly report:
>
> https://www.freebsd.org/news/status/report-2015-04-2015-06.html
>
> and last week's BSD Now episode both hint that quarterly packages will be
> the default for 10.2. I just looked, and sure enough
On Fri, Aug 14, 2015, at 06:18, Stari Karp wrote:
> Hi!
>
> My system (updated today from FreeBSD 10.1-RELEASE):
>
> FreeBSD 10.2-RELEASE #0 r28: Wed Aug 12 15:26:37 UTC 2015
> r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>
>
> I did run rkhunter -c today and I ha
On Fri, Jul 17, 2015, at 14:19, Mike Tancsa wrote:
> Not sure if others have seen this yet
>
> --
>
>
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
>
> "OpenSSH has a default value of six
On Thu, Jul 9, 2015, at 13:05, Lev Serebryakov wrote:
>
> `security/pam_ssh_agent_auth' installs PAM module
> (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but
> `security/pam_yubico' and `security/oath-toolkit' install PAM modules
> into `${LOCALBASE}/lib/security'.
>
> And, by default on
On Thu, Jul 9, 2015, at 11:15, Lev Serebryakov wrote:
>
> Does somebody succeed to setup FreeBSD for usage with Yubikey NEO
> token without Yubico authentication service, with OATH-HOTP?
>
What have you tried so far? I don't do the offline auth, but this seems
to be documented well in ykpamcf
On Wed, Jul 8, 2015, at 12:27, Dan Lukes wrote:
> On 07/08/15 18:29, Mark Felder:
> >> IV. Workaround
> >>
> >> No workaround is available, but hosts not running named(8) are not
> >> vulnerable.
>
> > Why is no workaround available? Can't y
On Tue, Jul 7, 2015, at 18:25, FreeBSD Security Advisories wrote:
>
> IV. Workaround
>
> No workaround is available, but hosts not running named(8) are not
> vulnerable.
>
Why is no workaround available? Can't you just disable DNSSEC
validation?
dnssec-enable no;
dnssec-validation no;
In f
On Wed, Jul 1, 2015, at 08:47, Dag-Erling Smørgrav wrote:
> Mark Felder writes:
> > I'm not an expert on the leapsecond operation, but if I understand it
> > correctly there are two ways a system can be notified of a leapsecond:
> > via a tzdata update or through NTP.
On Tue, Jun 23, 2015, at 14:03, Pawel Biernacki wrote:
> Hi,
>
> As we (hopefully) all know on 30th of June we'll observe leap second.
> tzdata information was updated in release 2015a in January. This version
> was imported in FreeBSD HEAD (r279706), 10-STABLE (r279707), 9-STABLE
> (r27970
On Mon, Jun 8, 2015, at 18:31, Xin Li wrote:
>
> On 06/08/15 14:37, Robert Simmons wrote:
> > I'm sure that the reason these questions have not been answered is
> > simply because they may have gotten lost in the volume of traffic
> > on freebsd-ports. In the following thread, there are a numbe
On Mon, Jun 8, 2015, at 15:55, Roger Marquis wrote:
> > On Fri, May 29, 2015 at 5:15 PM, Robert Simmons wrote:
> > Crickets.
> >
> > May I ask again:
> >
> > How do we find out who the members of the Ports Secteam are?
> >
> > How do we join the team?
>
> Anyone?
>
I really hope this can
On Mon, May 18, 2015, at 13:55, Dan Lukes wrote:
>
> I have own source repository with custom system patches so I'm not tied
> to "official" decisions. No offense to FreeBSD team in any way! I'm just
> not average user. ;-)
>
>
Do not be discouraged about submitting them. It's quite easy to
On Mon, May 18, 2015, at 14:01, Sevan / Venture37 wrote:
> On 18 May 2015 at 19:06, Mark Felder wrote:
> >
> >
> > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> >> Does anyone know what's going on with vuln.xml updates? Over the last
> >>
On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several
On Mon, May 18, 2015, at 12:34, Dan Lukes wrote:
> On 05/18/15 15:52, Mark Felder:
> > I mean, should we have an SA because our libc supports strcpy and people
> > can use that and create severe vulnerabilities?
>
> No, but we should have SA whenever other system compone
On Sun, May 17, 2015, at 18:06, Dan Lukes wrote:
> On 05/18/15 00:00, Mark Felder:
> >> If TLS 1.0 is considered severe security issue AND system utilities are
> >> using it, why there is no Security Advisory describing this system
> >> vulnerability ?
> >>
On Mon, May 18, 2015, at 02:05, Ian Smith wrote:
>
> > The danger is decryption. Your username/password could be stolen if
> > someone captures your traffic after successfully initiating a downgrade
> > attack.
>
> So the danger is only to myself, from some MITM, and not to the server?
> A
On Sun, May 17, 2015, at 16:28, Dan Lukes wrote:
> On 05/17/15 22:20, Mark Felder:
> > You're not understanding the situation: the vulnerability isn't in
> > OpenSSL; it's a design flaw / weakness in the protocol.
>
> Sorry, my English seems to be so
On Sun, May 17, 2015, at 16:08, Roger Marquis wrote:
> Mark Felder wrote:
> >> Considering the time to write and test patches is the same in either case
> >> it is still an open question.
>
> > Again, this is not possible. You can't just "replace"
On Sun, May 17, 2015, at 15:50, Roger Marquis wrote:
> > You're not understanding the situation: the vulnerability isn't in
> > OpenSSL; it's a design flaw / weakness in the protocol. This is why
> > everyone is running like mad from SSL 3.0 and TLS 1.0.
>
> Right, there are two issues being dis
On Sat, May 16, 2015, at 01:38, Dan Lukes wrote:
> Mark Felder wrote:
> >> Base OpenSSL in still supported releases is too old version and doesn't
> >> support TLS 1.2 as well.
> >>
> >> Either TLS 1.0 is so insecure and should not be used, or is sec
On Fri, May 15, 2015, at 10:22, Roger Marquis wrote:
> Mark Felder wrote:
> > In the future FreeBSD's base libraries like OpenSSL hopefully will be
> > private: only the base system knows they exist; no other software will
> > see them. This will mean that ever
On Thu, May 14, 2015, at 06:31, Dan Lukes wrote:
> Patrick Proniewski wrote:
> >> "Data Transfer Interrupted
> >> The connection to forums.freebsd.org has terminated unexpectedly. Some
> >> data may have been transferred."
> >
> > looks like your browser/OS does not support TLS 1.2.
>
> I'm co
On Fri, May 15, 2015, at 03:07, Ian Smith wrote:
> On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
> > Hello
> >
> > >> But I don't think disable TLS 1.0 is ok.
> > >>
> > >
> > > TLS 1.0 is dead and is even now banned in new installations according to
> > > the PCI DSS 3.1 standar
On Thu, May 14, 2015, at 10:20, Patrick Proniewski wrote:
> On 14 mai 2015, at 16:13, jungle Boogie wrote:
>
> > On 14 May 2015 at 06:08, Mark Felder wrote:
> >>
> >> TLS 1.0 is dead and is even now banned in new installations according to
> >> the PCI
On Thu, May 14, 2015, at 05:19, Adam Major wrote:
> Hello
>
> I checked now by sslLabs.com:
> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org
>
> and score is A+
>
> But I don't think disable TLS 1.0 is ok.
>
TLS 1.0 is dead and is even now banned in new installations accor
On Mon, Apr 27, 2015, at 03:34, Piotr Kubaj wrote:
> Hi,
>
> I wrote about this vulnerability in January:
> https://lists.freebsd.org/pipermail/freebsd-security/2015-January/008115.html
>
> There were only patches for stable.
>
There is an open PR as well
https://bugs.freebsd.org/bugzilla/sh
On Fri, Mar 20, 2015, at 10:21, Paul Hoffman wrote:
>
> It doesn't look like OpenSSL got updated, and it looks like a bunch of
> the attempted updates failed. Was this advisory tested on 10.0?
>
Those failures are for files in /usr/src. If you don't have the source
code in /usr/src the updates
On Mon, Mar 16, 2015, at 14:57, Yuri wrote:
> www/npm downloads and installs packages without having signature
> checking in place.
> There is the discussion about package security
> https://github.com/node-forward/discussions/issues/29 , but actual
> checking isn't currently done.
>
> Additi
On Wed, Mar 11, 2015, at 19:35, Dan Lukes wrote:
> Julian Elischer wrote:
> >>> Can you say which email servers *other* than unpatched Ironport fail?
>
> > well my problem is that I don't know what the other ends are running
> > exactly, but they are pretty big institution.
>
> Just side note -
On Thu, Feb 26, 2015, at 14:52, Malcolm Herbert wrote:
> I'd also suggest you take a look at using mtree for tripwire-like
> functionality into the future - its primary purpose is to be able to
> take the specification for a directory tree and either report
> differences or make the filesystem co
On Thu, Feb 26, 2015, at 14:12, Glyn Grinstead wrote:
> On Thu, 26 Feb 2015 at 12:02:52 -0600, Mark Felder wrote:
> > On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote:
> > >
> > > Example:
> > > # touch -t 20150101 foo
> > > # find / -user ww
On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote:
>
> Example:
> # touch -t 20150101 foo
> # find / -user www -newer foo
>
> If you don’t find anything, look back a little further.
> Hopefully you will find a clue in this way.
>
Thanks for posting this trick -- I've never considered it be
On Tue, Feb 3, 2015, at 07:48, Mark Felder wrote:
>
> Unless you're building a Frankenstein OS you should never come across a
> situation where a native FreeBSD binary is linked to glibc. (I'm not
> even sure it's possible!) Linux uses glibc for their libc reference,
On Mon, Feb 2, 2015, at 12:58, Roger Marquis wrote:
> > Is FreeBSD glib always linked to libc (vs glibc)?
>
> Apparently it is, at least on the systems I've tested where there were no
> glibc dependencies at all. Another item added to the list of BSD
> (security) advantages.
>
Unless you're b
On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the fixed or unfixed (!) vulnerabilities that are present in ntpd.
> There's already a port.
>
Historically OpenNTPD has been dismissed as a candidate becaus
On Mon, Oct 6, 2014, at 06:48, Frank Seltzer wrote:
> Is rkhunter still actively maintained? I run it nightly and I can't
> remember the last time there was an update to any of the database files.
>
The main project appears to be only updated once or twice a year. I
don't know how frequently
On Fri, Sep 26, 2014, at 10:25, Paul Hoffman wrote:
>
> I appreciate the speed that folks update the packages; I'm a bit
> distressed that 9.3 seems to be a second-class citizen for security
> fixes. (And I totally admit that I could be misreading the situation.)
>
(speaking strictly as a consum
On Tue, Sep 16, 2014, at 08:20, Lowell Gilbert wrote:
>
> Spoofing traffic is pretty easy. The reason it isn't generally a problem
> is that knowing what to spoof is more difficult. [I assume that's what
> feld@ actually meant, but it's an important distinction.]
>
How many AS are out there don
On Tue, Sep 16, 2014, at 05:19, Steven Chamberlain wrote:
> Hi,
>
> On 16/09/14 11:14, FreeBSD Security Advisories wrote:
> > An attacker who has the ability to spoof IP traffic can tear down a
> > TCP connection by sending only 2 packets, if they know both TCP port
> > numbers.
>
> This may be
There is always going to be skepticism about who to trust by default. The CA
system is out of control and it worries me as well. However, if we do not make
an effort to provide a default trust store why do we enforce verification by
default? I feel it would be more consistent to disable verifica
On Mon, Jan 27, 2014, at 22:41, Elmar Stellnberger wrote:
> However locally stored checksums are not of use as they can
> be manipulated arbitrarily.
>
This shouldn't be a concern when using signed packages, correct? Or if
that's still a problem couldn't we just teach `pkg check` to confirm
si
On Tue, Sep 10, 2013, at 14:05, Darren Pilgrim wrote:
> - Leave SSLv3/TLSv1.0 enabled only for cases where you can't control the
> remote end's SSL capabilities.
Which is what I routinely run into: public webhosting services.
Customers will scream if their website doesn't work on every moderatel
I'm still waiting for someone to thoroughly analyze this question
What's worse: the possibility that NSA has cracked RC4 or being
vulnerable to BEAST/CRIME?
Set your crypto to a minimum of TLS 1.1 and let everyone who can't
connect complain. At least their data wasn't compromised.
This entire si
As described here:
http://lists.grok.org.uk/pipermail/full-disclosure/2013-July/091084.html
If I understand this correctly our accept filters will have zero effect
on stopping this exploit, correct?
On Mon, 04 Mar 2013 16:34:58 -0600, Koornstra, Reinoud
wrote:
Hi Mark,
Why not consider NPF from NetBSD where SMP friendly firewalling is a
given.
I've actually been toying with the idea of reinstalling my firewall with
NetBSD so I can try NPF. I just hate debugging firewall rules that
On Sun, 03 Mar 2013 17:12:18 -0600, Robert Simmons
wrote:
Are there plans to update ipfilter or pf to current versions?
ipfilter is currently at 5.1.2, but the version in FreeBSD is 4.1.28
from 2007.
On the pf side, the version in FreeBSD is 4.5, but the current version
I would understand to
On Sun, 10 Feb 2013 06:48:08 -0600, Janne Snabb wrote:
Please do not drop all ICMP unless you understand what you are doing. By
doing that you are creating a path MTU discovery blackhole.
I was coming here to say the exact thing
Dropping ICMP is not a security method. Please stop doing this!
On Mon, 7 Jan 2013 13:54:01 +0100
Patrick Proniewski wrote:
> As I understand it, ZFS includes a feature allowing to trigger an antivirus
> scan when a file system write is issued. The proper hook seems to exist only
> on Solaris. Is there any plan to activate this feature on FreeBSD ?
It woul
On Wed, 01 Aug 2012 07:09:53 -0500, Oliver Pinter
wrote:
Hi all!
I found this today on FD:
I wonder if this has been tested on FreeBSD yet?
On Mon, 09 Jul 2012 05:39:37 -0500, Dag-Erling Smørgrav wrote:
What sort of benchmarks do you envision? Unlike named, unbound is
intended to serve only one client (localhost) or a small number of
clients (a SOHO).
Highly disagree; we use it (ISP) as our resolving nameserver for all of
our
On Wed, 04 Jul 2012 16:19:38 -0500, Doug Barton wrote:
On 07/04/2012 11:51, Jason Hellenthal wrote:
What would be really nice here is a command wrapper hooked into the
shell so that when you type a command and it does not exist it presents
you with a question for suggestions to install somewha
On Mon, 25 Jun 2012 22:47:27 -0500, J. Hellenthal
wrote:
Still have yet to hear of something like this happening but it's real
enough considering some of the exploits out there.
Cisco Ironport devices do MITM for SSL and SSH. Clearly someone wrote
enough of the code that this is feasible.
On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons
wrote:
In light of advances in processors and GPUs, what is the potential for
duplication of RSA, DSA, and ECDSA keys at the current default key
lengths (2048, 1024, and 256 respectively)?
I've been able to duplicate keys for years simply
On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal
wrote:
Security principles are well laid out and have not changed in a long
time. Veering away from those principles will cause a LOT of
administrative overhead as most software out there can expect a sane
environment if / is root:wheel
W
On Fri, 08 Jun 2012 07:51:55 -0500, Dag-Erling Smørgrav wrote:
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5,
On Tue, 22 May 2012 02:06:25 -0500, mahdieh salamat
wrote:
Hi all. I don't know I should ask my question here or not, I want to lock my
partitions by geli or gbde, but I want that after boot users don't force to
enter the passphrase. In other wise the partitions are locked but seems
that th
On Thu, 03 May 2012 10:21:24 -0500, Robert Simmons
wrote:
TLS 1.1:
https://bugzilla.mozilla.org/show_bug.cgi?id=565047
TLS 1.2:
https://bugzilla.mozilla.org/show_bug.cgi?id=480514
Cool, thanks for the followup!
On Wed, 02 May 2012 17:45:27 -0500, Matt Dawson
wrote:
IE might be the only client with support for those protocols right now
but somebody has to lead the way on the server side or you end up with
a mutual apathy loop (AKA positive can't be arsed feedback loop).
Actually Opera is the only
On Wed, 02 May 2012 16:01:49 -0500, Matt Dawson
wrote:
mod_gnutls in ports. Setup is simple for Apache. Prefer the RC4 cipher
which secures SSLv3 against BEAST. This setup on my own HTTPS servers
passes Qualys' own tests with an A rating of 87 and tells me BEAST is
mitigated, although the thi
On Fri, 16 Sep 2011 12:29:56 -0500, Xin LI wrote:
LDAP? (We do currently have some work on LDAP integration but not
sure if the community would be interested -- this would need an import
of stripped down OpenLDAP) and modifies OpenSSH to support public key
in LDAP directory.
All of this woul
On Fri, 06 May 2011 10:13:50 -0500, Daniel Jacobsson
wrote:
Can someone confirm if this bug/exploit works?
It's really not a bug or exploit... it's just the guy being crafty. It
only makes sense: the jails access the same filesystem as the host. Put a
file setuid in the jail and use yo