search for: priveledges

Since 2.6.36-rc1, non-root users of vhost-net fail to attach if they are in any cgroups. This is a regression, and libvirt actually uses this functionality, as it runs qemu with reduced priveledges. The bug is that when qemu uses vhost, vhost wants to attach its thread to all cgroups that qemu has. But we got the API backwards, so a non-priveledged process (qemu) tried to control the priveledged one (vhost), which fails. Fix this using the new cgroup_attach_task_all, and running it from th...

Since 2.6.36-rc1, non-root users of vhost-net fail to attach if they are in any cgroups. This is a regression, and libvirt actually uses this functionality, as it runs qemu with reduced priveledges. The bug is that when qemu uses vhost, vhost wants to attach its thread to all cgroups that qemu has. But we got the API backwards, so a non-priveledged process (qemu) tried to control the priveledged one (vhost), which fails. Fix this using the new cgroup_attach_task_all, and running it from th...

Icecast 1.3.12 fixes the current known exploit for icecast as well as closing many other potential holes. Thanks to diz for the original report and analysis and to dave from jetcafe.org for a comprehensive prophylatic patch. <p>Again, I warn: DO NOT RUN ICECAST AS ROOT. DO NOT RUN ICECAST AS A PRIVELEDGED USER. <p>If you have been running icecast as root, there is an exploit in

Icecast 1.3.12 fixes the current known exploit for icecast as well as closing many other potential holes. Thanks to diz for the original report and analysis and to dave from jetcafe.org for a comprehensive prophylatic patch. <p>Again, I warn: DO NOT RUN ICECAST AS ROOT. DO NOT RUN ICECAST AS A PRIVELEDGED USER. <p>If you have been running icecast as root, there is an exploit in

Hello, This problem is regarding the configuration directive called 'LoginGraceTime'. Problem Description: Tests were done with OpenSSH -3.6.1p2 and 3.7.1p2 on HP-UX. sshd is started with LoginGraceTime as 1 minute.Three windows were used to initiate the ssh client.After launching two clients wait for a sometime without issuing the password so it exceeds the grace period for login.when

I updated my spec file and RPM's to use the new release, if you want them they're available at http://urgent.rug.ac.be/thomas/icecast/ Feedback is welcomed of course. Thomas > Dear Jack -- > > On behalf of Icecasters everywhere, thanks for the ultra-fast update!!! > > I'm also now running safely as non-root, thanks to your advice. > > Roy > > At 05:05

...r that user > but what is the best method on doing this? > If I try to access softare by logging in as root on the win2k boxon > the pdc domain it still prevents me from installing a palm pilot or > running some particular software. > All of the software that needs some sort of admin priveledges work > fine if you logon as administrator to the local machine. Domain users are common users with limited privileges. This is by design and affects pure Windows domains also. Several non MS software products are written pretty badly and rely on changes to be written to system registry but comm...

I'm not happy with ssh being setuid root. I know that the long-term goal is to have a seperate host-key-management process, but that is a ways off. Until then, I'd like to propose the following: - Allow ssh to read alternate key files. This would allow the ssh client to use keyfiles different from the ones sshd uses. I know that this can be done now by changing the ones sshd uses,

On 2018/12/14 ??8:33, Michael S. Tsirkin wrote: > On Fri, Dec 14, 2018 at 11:42:18AM +0800, Jason Wang wrote: >> On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: >>> On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: >>>> Hi: >>>> >>>> This series tries to access virtqueue metadata through kernel virtual >>>> address

On 2018/12/14 ??8:33, Michael S. Tsirkin wrote: > On Fri, Dec 14, 2018 at 11:42:18AM +0800, Jason Wang wrote: >> On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: >>> On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: >>>> Hi: >>>> >>>> This series tries to access virtqueue metadata through kernel virtual >>>> address

On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: > On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: >> Hi: >> >> This series tries to access virtqueue metadata through kernel virtual >> address instead of copy_user() friends since they had too much >> overheads like checks, spec barriers or even hardware feature >> toggling. > Userspace accesses

On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: > On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: >> Hi: >> >> This series tries to access virtqueue metadata through kernel virtual >> address instead of copy_user() friends since they had too much >> overheads like checks, spec barriers or even hardware feature >> toggling. > Userspace accesses

On Fri, Dec 14, 2018 at 11:42:18AM +0800, Jason Wang wrote: > > On 2018/12/13 ??11:27, Michael S. Tsirkin wrote: > > On Thu, Dec 13, 2018 at 06:10:19PM +0800, Jason Wang wrote: > > > Hi: > > > > > > This series tries to access virtqueue metadata through kernel virtual > > > address instead of copy_user() friends since they had too much > >

Hi list I'm have a samba (2:3.5.4~dfsg-1ubuntu8.4) domain with LDAP backend and I'm getting the following error when I try to change my domain password via Windows XP: "The User name or old password is incorrect. Letters in passwords must be typed using the correct case". The password is typed correctly and it does get changed in LDAP though. This snippet from the log may

On Wed, 2015-11-11 at 07:56 -0800, Andy Lutomirski wrote: > > Can you flesh out this trick? > > On x86 IIUC the IOMMU more-or-less defaults to passthrough. If the > kernel wants, it can switch it to a non-passthrough mode. My patches > cause the virtio driver to do exactly this, except that the host > implementation doesn't actually exist yet, so the patches will

On Wed, 2015-11-11 at 07:56 -0800, Andy Lutomirski wrote: > > Can you flesh out this trick? > > On x86 IIUC the IOMMU more-or-less defaults to passthrough. If the > kernel wants, it can switch it to a non-passthrough mode. My patches > cause the virtio driver to do exactly this, except that the host > implementation doesn't actually exist yet, so the patches will

Hy, im using Samba as PDC. When im logging into another W2K machine with MMC an try to change the password of a service, windows is bringing up the error: "A device attached to the system is not functioning." To be exact, this is error: Winerror.h, 0x000001f = 31 (ERROR_GEN_FAILURE) If you change the Password of the service on the machine itself (sitting in front of the machine)

Afternoon to all, I am having the following problem for 3 days now and am starting to bang head against wall :) Here is the setup : Solaris 8 box running Samba 3.0.4 server member in an NT 4 style domain I have managed to get it to join the domain and if I create a corresponding account on the sunbox (without password) users are able to log into shares with appropriate passwords and other

John, What I've done so far is mostly a hack. I've implemented some custom VBS scripts at login to install software (that only works part of the time because my method for granting the users admin priviledges is a UI based VBS hack which types the password in for them from an encrypted VBS script) and I've yet to implement any Windows policies as I've not been motivated enough to

The context dependent files, as they appear to be implemented in the transname patch, looks like a source of security holes. Do not enable the transname patch without limiting its effect to a single group (a compile time option). Many of the possible exploits involve creating files with the for /targetfilepath#hostname=myhost# where myhost is the local machine. In general, if you have access to