search for: broadfoot

The cat is out of the bag, so here''s the full disclosure edition of the current security vulnerability. With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3), you can trigger the evaluation of Ruby code through the URL because of a bug in the routing code of Rails. This means that you can essentially take down a Rails process by starting something like /script/profiler, as the code

Hi, My environment is composed of ~250 workstations hitting a single puppetmaster server, which has been working fairly well up until now. The most recent change has been a migration of a lot of remote file copy objects which were previously handled with cfengine. client side puppetd calls to the puppetmaster.getconfig method are taking unreasonably long, on the order of 2-3 minutes. It

Everyone, First my apologies if this has been discussed before on this list, I was unable to find reference to it in the archives. I have a pam module that requires PAM_RUSER to be set however Ive found that if I connect to the remote server (where the pam module is installed) via ssh the PAM_RUSER variable is never set. The PAM_RUSER variable is set within auth-pam.c (line 239 in 3.6p1) as