Displaying 20 results from an estimated 132 matches for "rgrav".
2012 Jun 08
13
Default password hash
...D SEMANTICS'' section of getcap(3) for more escape sequences).
default:\
- :passwd_format=md5:\
+ :passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
DES
--
Dag-Erling Sm?rgrav - des@des.no
2007 May 19
2
PAM exec patch to allow PAM_AUTHTOK to be exported.
I figure some one here may find this interesting. I just begun work
on allowing a smb home directory to be automounted upon login.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_exec.c.diff
Type: text/x-patch
Size: 213 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20070519/19e6bd01/pam_exec.c.bin
2003 Jul 11
3
Login.Access
Login seems to be ignoring my /etc/login.access settings.
I have the following entries (see below) in my login.access, yet any new
user (not in the wheel group) is still allowed to login. What am I missing?
# $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
#
-:ALL EXCEPT wheel:console
-:ALL EXCEPT wheel:ALL
Thanks,
--
Scott Gerhardt, P.Geo.
Gerhardt Information
2016 Mar 04
2
Using 'ForceCommand' Option
...otice (/etc/issue). But I
> also want to get the user to actually confirm (by typing 'y') that
> they accept. If they try to exit or type anything other than 'y' they
> will be denied access.
It is relatively trivial to write a PAM module to do that.
DES
--
Dag-Erling Sm?rgrav - des at des.no
2004 Feb 26
2
HEADS UP: OpenSSH 3.8p1
...ion 2
or keyboard-interactive authentication, the recommended measures are:
1) get a better client
2) get a better client (I mean it)
3) get a better client (for real this time!)
and as a last resort
4) enable procol version 1 and password authentication in sshd_config
DES
--
Dag-Erling Sm?rgrav - des@des.no
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Sm?rgrav <des at des.no> writes:
> > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
> > X11Forwarding enabled by default.
> I'm not sure I see your point.
With X11Forwarding off by default, one would assume that it is only
enabled on a case-by-case basis for u...
2006 Jan 17
3
Kriging for d>3
Hi,
I'm looking for software that can perform kriging on systems with dimensionality higher than 3, say d=5.
Are anyone aware of packages in R that can do this?
Thanks,
Eivind Sm??rgrav
-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorised use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee,...
2016 Mar 05
2
Using 'ForceCommand' Option
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Sm?rgrav <des at des.no> writes:
> > It is relatively trivial to write a PAM module to do that.
> Which will have the relevant configuration overwritten and disabled
> the next time you run "authconfig" on Red Hat based sysems. I'm not
> sure if this occurs with other syst...
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
...mal circumstances a
> connection with X11 forwarding enabled wouldn't be owned by a user who
> already has normal system privileges for ssh, sftp, and scp access.
Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
X11Forwarding enabled by default.
DES
--
Dag-Erling Sm?rgrav - des at des.no
2008 Jul 09
2
loginmsg bug
...name is safe, since at this point we know the account exists). The
question is, what does loginmsg contain before do_authloop()?
Can loginmsg at this point contain the "Last login" text? That one's
unsafe since it contains the result of a reverse DNS lookup.
DES
--
Dag-Erling Sm?rgrav - des at des.no
2008 Aug 15
2
SSH Command Line Password Support
Hello,
I am interested in an ssh that is not interactive in requesting the password, i.e, whereas I can specify the password in the command line when calling SSH.
I have wondered how such a feature has not been included in such a good client, as it seems there are many (and I have searched for this) people require this capability for their scripts/automation.
I understand the possibility of
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful
2007 Mar 29
1
nx-bit and TPM
Hello,
I'm was looking through handbook and wikipedia and it appears FreeBSD
doesn't support hardware (nor software) nx bit.
There also doesn't seem to be any support for TPM (Trusted Platform Module).
I was wondering if it is due to a general lack of interest and/or
personal preference (gcc?) or are there other issues. The reason I'm asking
is I'm currently doing a MSc degree
2009 Sep 15
4
Protecting against kernel NULL-pointer derefs
All,
Given the amount of NULL-pointer dereference vulnerabilities in the
FreeBSD kernel that have been discovered of late, I've started looking
at a way to generically protect against the code execution possibilities
of such bugs.
By disallowing userland to map pages at address 0x0 (and a bit beyond),
it is possible to make such NULL-pointer deref bugs mere DoS'es instead
of code
2004 Feb 18
1
secuirty bug with /etc/login.access
/etc/login.access does not work 100% over ssh.
I have the following line in login.access
-:ray:ALL EXCEPT LOCAL
Which I believe means the user 'ray' can not login from anywhere unless
it is a local login.
So, I tested it over ssh from a remote box
tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
Password:
Password:
Password:
ray@sonic.cbnmediaX.com.au's password:
Last login: Sat
2017 Aug 03
2
[PATCH] Capsicum headers
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> a few years
ago to avoid future conflicts with POSIX capabilities. There is still a
stub for compatibility, but it would be better not to rely on it.
DES
--
Dag-Erling Sm?rgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-capsicum_h.diff
Type: text/x-patch
Size: 1770 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170803/e6c485b6/attachment.bin>
2016 Jun 08
2
unbound and ntp issuse
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> IMHO, ntp.conf need to include some numeric IP of public ntp servers.
https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
DES
--
Dag-Erling Sm?rgrav - des at des.no
2016 Jun 08
2
unbound and ntp issuse
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> IMHO, ntp.conf need to include some numeric IP of public ntp servers.
https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
DES
--
Dag-Erling Sm?rgrav - des at des.no
2012 Apr 27
2
[PATCH] mux: fix memory leak of control path if bind() fails
---
mux.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/mux.c b/mux.c
index d90605e..fa796bd 100644
--- a/mux.c
+++ b/mux.c
@@ -1195,6 +1195,7 @@ muxserver_listen(void)
close(muxserver_sock);
muxserver_sock = -1;
}
+ xfree(orig_control_path);
xfree(options.control_path);
options.control_path = NULL;
options.control_master = SSHCTL_MASTER_NO;
2003 Sep 13
4
thread safe functions missing ... ?
Can anyone comment on the following results from running a test program
we've writen for PostgreSQL? Should the following be thread-safe, either
as themselves, or a different function we should be calling?
Your gethostbyname() is _not_ thread-safe
Your getpwuid() is _not_ thread-safe