Displaying 7 results from an estimated 7 matches for "markzero".
Did you mean:
markers
2005 Oct 31
1
More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)
> Date: Sat, 29 Oct 2005 07:34:28 -0700
> From: Colin Percival <cperciva@freebsd.org>
> Subject: Re: Is the server portion of freebsd-update open source?
> To: markzero <mark@darklogik.org>
> Cc: freebsd-security@freebsd.org
> Message-ID: <43638874.2020004@freebsd.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> markzero wrote:
> > No this isn't insufficient, what is insufficient is that I currently
> > can't r...
2005 Sep 22
2
Tunnel-only SSH keys
Hello.
I once read somewhere that it's possible to limit SSH pubkeys to
'tunnel-only'. I can't seem to find any information about this
in any of the usual places.
I'm going to be deploying a few servers in a couple of days and
I'd like them to log to a central server over an SSH tunnel (using
syslog-ng) however I'd like to prevent actual logins (hence
2005 Oct 28
2
Is the server portion of freebsd-update open source?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm wondering if/where I can get the server side component for
freebsd-update. Presumably such a component would build and sign the
binary patches and prepare them to be served via HTTP to the
freebsd-update client.
I need a system for distributing binary updates to a collection of
customized FreeBSD machines, jails, and embedded systems.
2005 Apr 28
1
make installworld, permissions and labels
Just a quick question,
My system is quite heavily customised with regard to permissions
and MAC labels on system binaries. Is there any way to stop
make installworld resetting all my customisation? At the moment
I have a set of scripts to set permissions on everything but that's
not exactly ideal.
Mark
--
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F
2005 Sep 22
7
Mounting filesystems with "noexec"
Hello,
I've been playing a bit with the "noexec" flag for filesystems. It
can represent a substantial obstacle against the exploitation of
security holes.
However, I think it's not perfect yet.
First thing, an attempt to execute a program from a noexec-mounted
filesystem should be logged. It is either a very significant security
event, or it can drive nuts an
2005 Jul 21
7
FW: Adding OpenBSD sudo to the FreeBSD base system?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I really do not agree with adding it to the base system.
Just because you guys use sudo does not mean other people do.
In fact many people do not have a use for sudo at all.
Not every one gives out root accounts. You are only adding another utility
In that can possibly be used to escalate privileges.
Every time I secure a system I spend some time
2005 Nov 26
7
Reflections on Trusting Trust
or "How do I know my copy of FreeBSD is the same as yours?"
I have recently been meditating on the issue of validating X.509
root certificates. An obvious extension to that is validating
FreeBSD itself.
Under "The Cutting Edge", the handbook lists 3 methods of
synchronising your personal copy of FreeBSD with the Project's copy:
Anonymous CVS, CTM and CVSup. There are