Displaying 20 results from an estimated 42 matches for "capsicum".
2013 Aug 07
29
[Bug 2140] New: Capsicum support for FreeBSD 10 (-current)
https://bugzilla.mindrot.org/show_bug.cgi?id=2140
Bug ID: 2140
Summary: Capsicum support for FreeBSD 10 (-current)
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mind...
2017 Aug 03
2
[PATCH] Capsicum headers
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> a few years
ago to avoid future conflicts with POSIX capabilities. There is still a
stub for compatibility, but it would be better not to rely on it.
DES
--
Dag-Erling Sm?rgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-caps...
2013 Jun 08
1
Request for review: Sandboxing dhclient using Capsicum.
Hi.
I have a series of patches to sandbox dhclient using Capsicum
(capability mode and capability rights for descriptors).
As usual, because chroot and setgid/setuid are not sandboxing
mechanisms, there are many problems with the current sandboxing:
- Access to various global namespaces (like process list, network, etc.).
- Access to RAW UDP socket.
- Read/write...
2023 Jan 16
2
Transferring fsmo roles to new DC2
...20221203031619.0Z
>
> whenChanged: 20221203031619.0Z
>
> uSNCreated: 5428
>
> uSNChanged: 5428
>
> showInAdvancedViewOnly: TRUE
>
> name: Infrastructure
>
> objectGUID: e27698d8-a43b-4b74-8e51-91cf1b6cdaf3
>
> fSMORoleOwner: CN=NTDS
> Settings,CN=CAPSICUM,CN=Servers,CN=Balewan-Orchards,CN=Sites,CN=Configuration,DC=balewan,DC=pegasusnz,DC=com
Hmm, so it isn't in the 'Default-First-Site-Name' site, I wonder if this
is the problem ? Let me go and have a read of the code and get back to you.
Rowland
2011 Nov 06
0
Re: Make WINE detect an image as a CD drive with an audio disc
...re an example. A seemingly little detail (loopback mounter only mounting single file system) can have your wheels spinning for days. Time lost is money lost if you ask me. Some days I have so many of these issues that I wish I could just go back into the Marine Corps, take face full of oleoresin capsicum (http://oleoresin-capsicum.com/), and join my military poilice unit again.
WAIT! No I don't! I take it back!
2023 Jan 16
1
Transferring fsmo roles to new DC2
...ss: infrastructureUpdate
cn: Infrastructure
instanceType: 4
whenCreated: 20221203031619.0Z
whenChanged: 20221203031619.0Z
uSNCreated: 5428
uSNChanged: 5428
showInAdvancedViewOnly: TRUE
name: Infrastructure
objectGUID: e27698d8-a43b-4b74-8e51-91cf1b6cdaf3
fSMORoleOwner: CN=NTDS Settings,CN=CAPSICUM,CN=Servers,CN=Balewan-Orchards,CN=Sites,CN=Configuration,DC=balewan,DC=pegasusnz,DC=com
systemFlags: -1946157056
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=balewan
?,DC=pegasusnz,DC=com
isCriticalSystemObject: TRUE
distinguishedName: CN=Infrastructure,DC=DomainDnsZ...
2016 Nov 14
0
FreeBSD Quarterly Status Report - Third Quarter 2016
...Though 11.0-RELEASE was not finalized until after the period covered in
this report, we can still have some anticipatory excitement for the
features that will be coming in 12.0. The possibilities are
tantalizing: a base system with no GPL components, arm64 as a Tier-1
architecture, capsicum protection for common utilities, and the
CloudABI for custom software are just a few.
The work of the present is no less exciting, with 11.0 making its way
out just after the end of Q3, the new core coming into its own, and
much more that you'll have to read and find out.
--Ben...
2016 Nov 14
0
FreeBSD Quarterly Status Report - Third Quarter 2016
...Though 11.0-RELEASE was not finalized until after the period covered in
this report, we can still have some anticipatory excitement for the
features that will be coming in 12.0. The possibilities are
tantalizing: a base system with no GPL components, arm64 as a Tier-1
architecture, capsicum protection for common utilities, and the
CloudABI for custom software are just a few.
The work of the present is no less exciting, with 11.0 making its way
out just after the end of Q3, the new core coming into its own, and
much more that you'll have to read and find out.
--Ben...
2014 Feb 28
5
Call for testing: OpenSSH 6.6
...when BindAddress is
not specified.
* ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
* ssh(1): fix matching of 'Host' directives in ssh_config(5) files
to be case-sensitive again (regression in 6.5).
Portable OpenSSH:
* sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
system headers and libc but is not supported by the kernel.
* Fix build using the HP-UX compiler.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh at openssh.com
OpenSSH is brought to you...
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
Bug ID: 2142
Summary: openssh sandboxing using libseccomp
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2023 Jan 16
1
Transferring fsmo roles to new DC2
On 16/01/2023 10:16, Callum G. MacEwan via samba wrote:
> Hi Team
>
> I am transferring to a new AD DC
>
> So I started transferring the fsmo roles the first five transferred fine
> the domaindns and forestdns had the following error!
>
> root at DC2:/etc/sudoers.d#? samba-tool fsmo transfer --role=forestdns
> -UAdministrator
> Password for
2014 Mar 15
0
Announce: OpenSSH 6.6 released
...hen BindAddress is
not specified.
* ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
* ssh(1): fix matching of 'Host' directives in ssh_config(5) files
to be case-insensitive again (regression in 6.5).
Portable OpenSSH:
* sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
system headers and libc but is not supported by the kernel.
* Fix build using the HP-UX compiler.
Checksums:
==========
- SHA1 (openssh-6.6.tar.gz) = bf932d798324ff2502409d3714d0ad8d65c7e1e7
- SHA256 (openssh-6.6.tar.gz) = jaSJE5aiQRm+91dV6EvVGr/ozo33tbxyjjFSiu+Cy80=
- S...
2014 Mar 15
0
Announce: OpenSSH 6.6 released
...hen BindAddress is
not specified.
* ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
* ssh(1): fix matching of 'Host' directives in ssh_config(5) files
to be case-insensitive again (regression in 6.5).
Portable OpenSSH:
* sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
system headers and libc but is not supported by the kernel.
* Fix build using the HP-UX compiler.
Checksums:
==========
- SHA1 (openssh-6.6.tar.gz) = bf932d798324ff2502409d3714d0ad8d65c7e1e7
- SHA256 (openssh-6.6.tar.gz) = jaSJE5aiQRm+91dV6EvVGr/ozo33tbxyjjFSiu+Cy80=
- S...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...esses to zero, which should prevent
the privsep child from forking or opening new network connections.
Sandboxing of the privilege separated child process is currently
experimental but should become the default in a future release.
Native sandboxes for other platforms are welcome (e.g. Capsicum,
Linux pid/net namespaces, etc.)
* Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
and hmac-sha2-512-96, and are available by default in ssh(1) and
s...
2011 Sep 06
2
Announce: OpenSSH 5.9 released
...esses to zero, which should prevent
the privsep child from forking or opening new network connections.
Sandboxing of the privilege separated child process is currently
experimental but should become the default in a future release.
Native sandboxes for other platforms are welcome (e.g. Capsicum,
Linux pid/net namespaces, etc.)
* Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
and hmac-sha2-512-96, and are available by default in ssh(1) and
s...
2018 Jun 08
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
Also what exact distro and version are you having the problem on and
what version of ld does it have?
Mine is
$ ld --version
GNU ld version 2.29.1-23.fc28
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
2017 Nov 13
2
Experiment on how to improve our temporary file handing.
On Mon, Nov 13, 2017 at 01:46:32PM -0800, Davide Italiano wrote:
> On Mon, Nov 13, 2017 at 11:48 AM, Rafael Avila de Espindola
> <rafael.espindola at gmail.com> wrote:
> > Davide Italiano <davide.italiano at gmail.com> writes:
> >
> >>> I couldn't find any support for this on FreeBSD.
> >>>
> >>
> >> AFAIK FreeBSD supports
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
hi
On 6/7/18 4:03 PM, Darren Tucker wrote:
> On 8 June 2018 at 07:09, PGNet Dev <pgnet.dev at gmail.com> wrote:
>> Verifying a report I just got pinged about, building vanilla openssh 7.7p1 on linux configures ok, but fails build around 'retpoline'
> [...]
>> Should the retpoline flag be getting added? If so, what's needed to make LD happy with it?
>
>
2019 Apr 28
2
CFT: FreeBSD Package Base
FreeBSD Community,
I'm pleased to announce a CFT for builds of FreeBSD 12-stable and 13-current
using "TrueOS-inspired" packaged base. These are stock FreeBSD images which
will allow users to perform all updating via the 'pkg' command directly.
Rather than trying to answer all questions in this announcement, we've
created a FAQ page with more details. Please refer to
2014 Jan 30
0
Announce: OpenSSH 6.5 released
...stack-protector-all or -fstack-protector compilation flag are
used to add guards to mitigate attacks based on stack overflows.
The use of these options may be disabled using the
--without-stackprotect configure option.
* sshd(8): Add support for pre-authentication sandboxing using the
Capsicum API introduced in FreeBSD 10.
* Switch to a ChaCha20-based arc4random() PRNG for platforms that do
not provide their own.
* sshd(8): bz#2156: restore Linux oom_adj setting when handling
SIGHUP to maintain behaviour over retart.
* sshd(8): bz#2032: use local username in krb5_kuserok chec...