search for: loophol

Hi, I am considering installing several `servers' in a facility that needs to conform with the products listed at: DSD Approved Products http://www.dsd.gov.au/infosec/evaluation_services/epl/dap.html As far as i can see freebsd performs above and beyond, for all the required criteria in the act. Can we see freebsd listed as an approved product in the near future? Best Regards, Jason - RF

Hello everybody, I've setup a file server with Debian GNU/Linux (Sarge) and Samba v3.0.10 with ACL, Kerberos etc... so I can join the Windows 2000 domain. I can use users from domain on file server without problems and Windows 2000, XP clients can access Samba shares. But when I try to connect to \\fs from Windows 98 client (in domain) it requests password from me (\\fs\IPC$). I have

...o what I could achieve with Postfix and policyd. More specifically, the quota I am most interested in, is limiting the number of messages a single account can send within a given timeframe. Ideally, I'd also like to limit the number of total recipients within a given timeframe, to mitigate the loophole of adding multiple recipients to a single message. Example: account Y is allowed to send 500 messages per 60 minutes, with a maximum of 2000 recipients overall. What would be the best path to take? Thanks! Gerry

...n any single workstation, he can modify the mapping at will to get root access to the entire domain. The only remedy I can see is to disallow root access on all workstations (which is a very undesirable fact). Are I am missing something, or is there a different setup possible to omit this security loophole? Regards, Roland

...w' method then fails somewhat deep in a subsequently-called coercion method. library(Matrix) test <- Matrix(1:4+0.1, nrow = 2, dimnames = list(letters[1:2], LETTERS[1:2])) test at Dimnames <- list(1:100) test direct slot access (without a validity check) seems an easily accessible loophole to S4 object "guarantees". franklin parlamis

Hi all, I have tried to install this beta release on PWS 433 au but I can not boot /kernels/vmlinux.gz image. Error is: "unsupported compressed image". Is not posible to install under this Alpha model?? Thank you. __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ?gratis! Reg?strate ya -

...of 2.2dBi, we're talking about 22.2dBm - that's nearly 200mW of power radiating out of the phone. At 2.4GHz, it has higher penetration power than cells phones. My question: Does anyone know if cell phone SAR rules apply to WiFi phones as well? Over here in Singapore, there seems to be a loophole. As long as your equipment is in 2.4GHz, approval is not required if Tx power is <200mW.

...t will behoove each member treat others with respect and to oppose unacceptable actions. When the enforcement of such standards comes from the genuine conviction, and not simply from a document, it strenghtens the community as a whole. Pointing to a document only invites searching for potential loopholes. -Krzysztof -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

I''m an experienced programmer, but new to Rails. I would like to echo an unanswered question I''ve recently read elsewhere. Can any recommend an overview of get/post, cookies, sessions, etc., and how Ruby on Rails interacts with all of this? I''m interested in understanding how to harden a Rails application Regards -- Dave

...ailures, as there is no way to say "which" fixtures to load first. Within an actual functional or unit test case, you could simply load them in the proper order, but I''m not doing any tests yet, but simply using the fixture data for development purposes. Either there is a major loophole in this process, or, I''m totally approaching this wrong. I''m voting for the latter :) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060222/579afeb9/attachment.html

...t of the open source code project in the community are full of bugs, I am pretty regret about this." Here's proof they use 3.6.23: Server Comment --------- ------- ARIES-1L9YS2O8 Samba 3.6.23 It's obvious they are using various loopholes to avoid sharing the GPL source code used in their products, and they only share the kernel, nothing else. They probably also violate busybox, as their embedded linux platform runs a dropbear (SSH-2.0-dropbear_2012.55), but the root password is not known, so the only way to know what other packag...

...??bash???pstree ? ??sshd???sshd ??systemd-logind ??systemd-udevd ??upstart-file-br ??upstart-socket- ??upstart-udev-br If I disable Privilege Seperation ("UsePrivilegeSeperation no") in sshd config then the problem goes away but that opens up a security loophole where the process is running at root privilege even prior to authentication. What do you guys think? Have others come across this? Is there a patch available for this? Thanks, Kam

...x.bin (4.07) to a really high LBA address and boot >> without any issue. (Load LBA: 2048034 (0x001f4022)) ~4G > > This is riddling, given the statement of hpa that the > boot images are identical up to the point where Carl's > boot procedure fails. > There seems to be some loophole in the identity. > > Another possibility could be that not the whole address > range above 128 MB is poisonous, but only particular > intervals. > Gerardo: did you really try 4.07 with exactly the same boot > image LBA as 6.02 ? Yes, same LBA offset for isolinux.bin for 4.07 an...

...others with > respect and to oppose unacceptable actions. When the enforcement > of such standards comes from the genuine conviction, and not > simply from a document, it strenghtens the community as a whole. > Pointing to a document only invites searching for potential loopholes. > > -Krzysztof > > -- > Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, > hosted by The Linux Foundation > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org <ma...

...PE > 2. Transfer ownership of the relevant patent(s) to the NPE > 3. Contribute code to LLVM that infringes the patent, safely abiding by > the terms that they’re licensing all of the patents that they own. > 4. Watch the NPE sue everyone and laugh. > There are literally attempts at loopholes one could play with literally every legal scenario ever, no matter what is done. I'll go further: It's literally not possible to have a GPL compatible license and avoid some of these loopholes. That is the price we pay > > The Apache 2 License does nothing to prevent this, though...

On 11/25/2013 08:40 AM, Thomas Schmitt wrote: > Hi, > > Ady wrote: >> I guess that being isolinux.bin 4.07 smaller than 32KiB (24KiB), >> while isolinux.bin 6.02 being bigger (42KiB), and with the addition >> of multiple alternative boot images in the same ISO, the chances of >> isolinux.bin being located on a higher sector in the media seem to be >>

Hi Darren/Damien, Sorry for responding so late. Still hope we can get this sorted out. Yes I am indeed using PAM for ssh authentication and disabling priv seperation is a no-go for us since it opens up a security loophole. From what I can see in ptree and auth logs, when the child passwd process returns with SIGCHLD, the parent sshd process terminates. Sshd logs are as follows as requested at DEBUG3 verbosity. They indicate the ssh, followed by the password change and finally termination of connection: Dec 16 22...

...d shifted by some amount). Eg, if in pseudo IR we have: %funnel_shift = fshl %x, %y, %sh ; this is problematic because either x or y can be poison, but we may not touch the poison when sh==0 %rotate = fshl %x, %x, %sh ; if x is poison, the op is unquestionably producing poison; there's no sh==0 loophole here On Mon, Feb 25, 2019 at 1:12 PM Nuno Lopes <nunoplopes at sapo.pt> wrote: > Thanks Sanjay! > > I did a quick study of these funnel shifts: > The generic lowering to SDAG is correct for the optimization below. It > actually stops poison if shift amount is zero: >...

> On Nov 1, 2016, at 12:21 PM, Joerg Sonnenberger via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > On Mon, Sep 12, 2016 at 09:16:47AM -0700, Chris Lattner via llvm-dev wrote: >> The goals of this effort are outlined in the previous email but, in short, we aim to: >> - encourage ongoing contributions to LLVM by preserving low barrier to entry for contributors.

...; Eg, if in pseudo IR we have: > %funnel_shift = fshl %x, %y, %sh ; this is problematic because either x or > y > can be poison, but we may not touch the poison when sh==0 > %rotate = fshl %x, %x, %sh ; if x is poison, the op is unquestionably > producing poison; there's no sh==0 loophole here > > > > On Mon, Feb 25, 2019 at 1:12 PM Nuno Lopes <nunoplopes at sapo.pt> wrote: > Thanks Sanjay! > > I did a quick study of these funnel shifts: > The generic lowering to SDAG is correct for the optimization below. It > actually stops poison if shift amount...