search for: ephemeral

...IN= OUT=lo SRC=192.168.9.20 DST=192.168.9.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP SPT=56624 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0 OPT (0204400C0402080A4A26F7A50000000001030307) UID=0 that on at least one occasion repeated for every few seconds for more than three hours. The ephemeral source port keeps changing in an irregular manner. Any suggestions? Thanks, Mike

...ew intrinsic: void @llvm.invariant(i1 %cond) which declares that the %cond is defined to be true. First, we need to make sure that instructions that contribute only to forming the invariant conditions don't interfere with optimization and code generation. We'll call these instructions 'ephemeral' (this was Chandler's idea). An analysis pass can walk instructions starting from the @llvm.invariant calls and record those instructions as ephemeral those used only by other ephemeral instructions (the invariant call is also ephemeral). This analysis pass will be used by: - The inliner (...

...ks > > https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726 > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3714 > > Mitigation: > > As a workaround the /etc/ImageMagick/policy.xml file can be edited to disable > processing of MVG, HTTPS, EPHEMERAL and MSL commands within image files, simply > add the following lines: > <policy domain="coder" rights="none" pattern="EPHEMERAL" /> > <policy domain="coder" rights="none" pattern="HTTPS" /> > <policy domain=&quo...

...e) with kernel 3.10.0-514.16.1.el7.x86_64 Using iperf for bond benchmarking, and opening several sockets, I noticed a strange behavior. My Centos using iperf as a client to connect to an iperf server (running either CentOS or Debian) requesting N parallel TCP connections. I notice that the local ephemeral ports used are not consecutive and are always even ports numbers. This can change to "only odd ports numbers" depending on the setting net.ipv4.ip_local_port_range, but basically, the idea is the Centos kernel does "+2" when finding a local port for socket, not doing +1. Doing...

https://imagetragick.com/ As CentOS is often used for web servers, I thought this should be posted here. Bug in ImageMagick allows remote exploit. AFAIK no patch exists yet but defense against the exploit is detailed at the link. CVE-2016?3714

...I always see DTLS ECDH initialized (automatic), faster PFS enabled any idea? Thanks! res_rtp_asterisk ------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, e.g., sip.conf dtlsprivatekey. For example: openssl dhparam...

...ts behavior given <args>? If so, then I think this is pretty bad. If we ever want to parallelize function passes, then they can't inspect the innards of other functions. So this would significantly constrain the utility here. Also, this would create uses of the arguments that were "ephemeral" uses. It's not clear how that is better than any of the other proposals to represent constraint systems in the IR via "ephemeral" uses. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/201311...

...xc2f8swkxv22xkhx2vrb4ppqbfdfgfgqh5gq8plqzrv5,853ff3d9-70d4-43c5-b9ff-4d5815ea557d: server error. command SyncVMI failed: "LibvirtError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: 2020-03-25T10:09:21.656238Z qemu-kvm: -drive file=/var/run/kubevirt-ephemeral-disks/disk-data/disk0/disk.qcow2,format=qcow2,if=none,id=drive-ua-disk0,cache=none: file system may not support O_DIRECT\n2020-03-25T10:09:21.656391Z qemu-kvm: -drive file=/var/run/kubevirt-ephemeral-disks/disk-data/disk0/disk.qcow2,format=qcow2,if=none,id=drive-ua-disk0,cache=none: Could not open...

...; for having it pull "Match" rules from a central repository, namely > LDAP or a RESTAPI service? You could probably hack something together using the exising ssh_config "Match exec" and "Include" directives here. E.g. Match !final exec "~/bin/download-config-ephemeral" Match any Include ~/.ssh/config-ephemeral

...; for having it pull "Match" rules from a central repository, namely > LDAP or a RESTAPI service? You could probably hack something together using the exising ssh_config "Match exec" and "Include" directives here. E.g. Match !final exec "~/bin/download-config-ephemeral" Match any Include ~/.ssh/config-ephemeral

...ch" rules from a central repository, namely > > LDAP or a RESTAPI service? > > You could probably hack something together using the exising ssh_config > "Match exec" and "Include" directives here. E.g. > > Match !final exec "~/bin/download-config-ephemeral" > Match any > ??????? Include ~/.ssh/config-ephemeral > > >

...rm: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: libove at felines.org The SSH Daemon writes its sshd.pid file only after it generates its ephemeral server key. This makes the amount of time between starting the daemon and the creation / update of the sshd.pid file variable, and can cause a race condition with e.g. /sbin/init.d scripts which start the daemon and then want to check to see that the start was successful. Please move the sshd.p...

...gs > on the package. > > Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options: [Service] Type=forking PIDFile=/var/run/dnscrypt-cs.pid ExecStart=/usr/sbin/dnscrypt-proxy \ --daemonize \ --user=nobody \ --pidfile=/var/run/dnscrypt-cs.pid \ --ephemeral-keys \ --resolver-name=cs-fi \ --logfile=/tmp/cs.log \ --local-address=127.0.0.1:6354 Restart=on-abort [Service] Type=forking PIDFile=/var/run/dnscrypt-ipredator.pid ExecStart=/usr/sbin/dnscrypt-proxy \ --daemonize \ --user=nobody \ --pidfile=/var/run/dnscrypt-ipredator.pid \ --ephemeral-ke...

...or > safe-to-execute. It's also reasonable to expect these to be small. > > > Hence you can imagine freezing a copy of those functions that are > used in this meta-data. > > > > > > > > Also, this would create uses of the arguments that were "ephemeral" > uses. > > > I think they're ephemeral in a very different sense than the previous > !notrap; for example here the used continue to be meaningful even > after replaceAllUsesWith. I think that, to Chandler's point, it would be the responsibility of the function cr...

...0-length recv. The DOS box flails away attempting to reconnect forever, and the server never seems to get any type of signal that the DOS box is attempting to reconnect. Possibly relevant facts: - The DOS box uses the same local port (1025) every time it tries to connect. It does not use a random ephemeral port. - The exact same code was tested on a CentOS 6.5 and 6.6 box, resulting in the described behavior. The boxes were identical clones except for the O/S upgrade. - The Python interpreter was not changed during the upgrade, because I run this code using my own 2.7.2 install. However, both glibc a...

...ot be necessary to optimize it in order to make use of it for safe-to-execute. It's also reasonable to expect these to be small. Hence you can imagine freezing a copy of those functions that are used in this meta-data. > > Also, this would create uses of the arguments that were "ephemeral" uses. I think they're ephemeral in a very different sense than the previous !notrap; for example here the used continue to be meaningful even after replaceAllUsesWith. > It's not clear how that is better than any of the other proposals to represent constraint systems in the IR v...

...ripts use the following options: >> >> [Service] >> Type=forking >> PIDFile=/var/run/dnscrypt-cs.pid >> ExecStart=/usr/sbin/dnscrypt-proxy \ >> --daemonize \ >> --user=nobody \ >> --pidfile=/var/run/dnscrypt-cs.pid \ >> --ephemeral-keys \ >> --resolver-name=cs-fi \ >> --logfile=/tmp/cs.log \ >> --local-address=127.0.0.1:6354 >> Restart=on-abort >> >> [Service] >> Type=forking >> PIDFile=/var/run/dnscrypt-ipredator.pid >> ExecStart=/usr/sbin/dnscrypt-proxy...

...iscourse-server/viewtopic.php?f=4&t=29588#p132726 >> >> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3714 >> >> Mitigation: >> >> As a workaround the /etc/ImageMagick/policy.xml file can be edited to >> disable >> processing of MVG, HTTPS, EPHEMERAL and MSL commands within image >> files, simply >> add the following lines: >> <policy domain="coder" rights="none" pattern="EPHEMERAL" /> >> <policy domain="coder" rights="none" pattern="HTTPS" /> >&g...

http://bugzilla.mindrot.org/show_bug.cgi?id=440 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-05-15 21:16

Hi! Previously in the "Add a 'notrap' function attribute?” thread we had discussed a way to use meta-data to specify that a load does not trap under certain conditions. Andy and Hal and I talked about this more in private and I just wanted to summarize what I think we arrived at. First I’ll summarize the original !notrap meta-data, then I’ll just mention why it’s hard to get it