Displaying 20 results from an estimated 27 matches for "priveledg".

2010 Sep 05
0
[PATCH] vhost: fix attach to cgroups regression
Since 2.6.36-rc1, non-root users of vhost-net fail to attach if they are in any cgroups. This is a regression, and libvirt actually uses this functionality, as it runs qemu with reduced priveledges. The bug is that when qemu uses vhost, vhost wants to attach its thread to all cgroups that qemu has. But we got the API backwards, so a non-priveledged process (qemu) tried to control the priveledged one (vhost), which fails. Fix this using the new cgroup_attach_task_all, and running it from...
2004 Aug 06
2
URGENT: icecast 1.3.12 released
...st 1.3.12 fixes the current known exploit for icecast as well as closing many other potential holes. Thanks to diz for the original report and analysis and to dave from jetcafe.org for a comprehensive prophylactic patch. Again, I warn: DO NOT RUN ICECAST AS ROOT. DO NOT RUN ICECAST AS A PRIVELEDGED USER. If you have been running icecast as root, there is an exploit in the wild. Please take appropriate measures to ensure you weren't affected. jack. --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe fr...
2004 Jan 27
3
OpenSSH - Connection problem when LoginGraceTime exceeds time
...change_identification: Connection closed by remote host" and closed. Source code of OpenSSH shows that SSH uses alarm/SIGALRM to implement the LoginGraceTime. When using privileged separation, the privileged process receives the alarm signal and exits when the time expires. However, the non-priveledged sshd process remains connected until the client sends some data or the client disconnects. Without privileged separation, the sshd process receives the alarm signal and exits. No other processes remain. Any help to fix this problem? Advance Thanks, Kumaresh. --- Outgoing mail is certified...
2004 Aug 06
1
URGENT: icecast 1.3.12 released
...> >closing many other potential holes. > > > >Thanks to diz for the original report and analysis and to dave from > >jetcafe.org for a comprehensive prophylactic patch. > > > > > >Again, I warn: DO NOT RUN ICECAST AS ROOT. DO NOT RUN ICECAST AS A > >PRIVELEDGED USER. > > > > > >If you have been running icecast as root, there is an exploit in the > >wild. Please take appropriate measures to ensure you weren't affected. > > > >jack. > > > >--- >8 ---- > >List archives: http://www.xiph.org/arch...
2003 Mar 16
2
local user admin rights on samba pdc
...r that user > but what is the best method on doing this? > If I try to access software by logging in as root on the win2k box on > the pdc domain it still prevents me from installing a palm pilot or > running some particular software. > All of the software that needs some sort of admin priveledges work > fine if you logon as administrator to the local machine. Domain users are common users with limited privileges. This is by design and affects pure Windows domains also. Several non MS software products are written pretty badly and rely on changes to be written to system registry but co...
2001 May 04
1
RSARhosts / Hostbased auth and euid=0 requirement
...insecure if someone is stupid enough to export their key files via NFS or some other such silliness, but is safe for sane admins. If we do both of the above, ssh can be setgid ssh, and optionally use different keys for client and server identification. Host-based auth now works without a root-priveledged client. Damage from a security issue in ssh is limited to spoofing a trusted host, instead of total system compromise. I'm happy to write the code changes, but wanted to run this up the flagpole first to see if there was strong resistance. -- Carson
2018 Dec 24
2
[PATCH net-next 0/3] vhost: accelerate metadata access through vmap()
...t;> Please notice we only access metdata through remapping not the data itself. >> This idea has been used for high speed userspace backend for years, e.g >> packet socket or recent AF_XDP. > I think their justification for the higher risk is that they are mostly > designed for priveledged userspace. I think it's the same with TUN/TAP, privileged process can pass them to unprivileged ones. > >> The only difference is the page was remap to >> from kernel to userspace. > At least that avoids the g.u.p mess. I'm still not very clear at the point. We on...
2018 Dec 14
3
[PATCH net-next 0/3] vhost: accelerate metadata access through vmap()
On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: > On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: >> Hi: >> >> This series tries to access virtqueue metadata through kernel virtual >> address instead of copy_user() friends since they had too much >> overheads like checks, spec barriers or even hardware feature >> toggling. > Userspace accesses
2018 Dec 14
0
[PATCH net-next 0/3] vhost: accelerate metadata access through vmap()
...teach otherwise. > Please notice we only access metadata through remapping not the data itself. > This idea has been used for high speed userspace backend for years, e.g > packet socket or recent AF_XDP. I think their justification for the higher risk is that they are mostly designed for priveledged userspace. > The only difference is the page was remap to > from kernel to userspace. At least that avoids the g.u.p mess. > > > I don't > > like the idea I have to say. As a first step, why don't we switch to > > unsafe_put_user/unsafe_get_user etc? >...
2011 May 26
1
Error when changing domain password in Windows XP
Hi list I have a samba (2:3.5.4~dfsg-1ubuntu8.4) domain with LDAP backend and I'm getting the following error when I try to change my domain password via Windows XP: "The User name or old password is incorrect. Letters in passwords must be typed using the correct case". The password is typed correctly and it does get changed in LDAP though. This snippet from the log may
2015 Nov 11
2
[PATCH v3 0/3] virtio DMA API core stuff
On Wed, 2015-11-11 at 07:56 -0800, Andy Lutomirski wrote: > > Can you flesh out this trick? > > On x86 IIUC the IOMMU more-or-less defaults to passthrough. If the > kernel wants, it can switch it to a non-passthrough mode. My patches > cause the virtio driver to do exactly this, except that the host > implementation doesn't actually exist yet, so the patches will
2003 Mar 14
2
Samba PDC and MMC - Problems changing password of services
Hi, I'm using Samba as PDC. When I'm logging into another W2K machine with MMC and try to change the password of a service, Windows is bringing up the error: "A device attached to the system is not functioning." To be exact, this is error: Winerror.h, 0x000001f = 31 (ERROR_GEN_FAILURE) If you change the password of the service on the machine itself (sitting in front of the machine)
2005 Jul 22
0
winbind not queried by nsswitch on solaris 8
...wins support = no wins proxy = no dns proxy = No wins server = domain_controller_name name resolve order = wins hosts bcast guest account = smbuser mangling method = hash2 # ^ Make sure this is set to 'hash2' as 'hash' had priveledge elevation vuln on Solaris # Winbind settings winbind separator = + idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind enable local accounts = Yes winbind use default domain = Yes #...
2003 Dec 29
1
Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
...them w/o NT4 installed). I've begun thinking an expandable architecture based on an open-source NT service installed on the clients could help us solve many of the problems we're still relying on NT tools for. This could possibly even allow us to implement new ideas since we would have a priveledged executable running on the workstations. However, I'm merely thinking at this point, and I don't want to re-invent the wheel either (well, anyone but Microsoft's wheel, as their tools are becoming dated and may not be supported in future Windows desktop releases). If someone has a wa...
1996 Nov 14
0
Re: Re: t bit and symlinks patch
...vironment variable creates many possible exploits. When the translation is enabled, it is even more important than usual to protect the directories (as well as the files) in: - /etc tree - /usr tree and all other sources of executables - /tmp and other shared directories - User's (priveledged and unpriveledged) home directories. dot files are now vulnerable even if they exist and have strict permissions. As far as implementation, I also find kernel routines which return strings by returning pointers to statically allocated characters to be a BAD IDEA(tm). Are these patches...