
Displaying 20 results from an estimated 136 matches for "subvert".

2001 Dec 17
1
smbmount appears to subvert access permissions
Hi all, (1) I wish to mount a SMB share onto my Linux filesystem. When I mount the share, it modifies the permissions on the "mounting directory" allowing other users to gain access to the share, masquerading as the mounting user. Lucky it doesn't give write access to anyone, but read access is bad enough. Can anyone explain this behaviour? (Example transcript provided below)
2020 Jan 21
2
Security implications of using ControlMaster
...ker will cross with relative ease. Speedbumps make sense sometimes, An attacker getting root on the jumphost gets immediate control of any _current_ persistent connections and new connections. Without ControlMaster it's a _lot_ harder to take control of current connections, but pretty easy to subvert new connections. So there is a benefit... but a small one. > but they must be weighed against their inconvenience. This is pretty much true of all security controls :-) -- rgds Stephen
2014 Nov 24
1
TELNENT TO LOCALHOST IN CENTOS 7
...<jrd at gerdesas.com> wrote: > On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote: >> >> Umm, yeah. Encrypted protocols would never be compromised.... > > Which do you think is more likely? Someone sniffing a cleartext > credential set on the wire or someone subverting an alleged "secure" > encrypted protocol? For things that matter, you should expect both. For things that don't matter, well they don't matter. -- Les Mikesell lesmikesell at gmail.com
2020 Jun 06
2
Deliver administrative message ignoring user quota
Hi everyone, I have a separate internal system running on a different host that needs to put an administrative email into a user's inbox. I've been playing around with the "doveadm mailbox save" command via Doveadm's HTTP API (https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-mailbox-save). This
2005 Aug 14
1
"NOESCAPE 1" is easily escapable
...1" to lock this down also, and that {sys,pxe,iso.ext}linux would simply fall through to the implicit or explicit ONERROR behaviour. It doesn't. This is particularly a problem for those using the password protection features of menu.c32, because access to a boot prompt will completely subvert this protection. For example, if I have a standard boot image and a password-protected privileged boot image, I can start booting the standard image, interrupt the boot, and then enter the name of the privileged image to boot it *without entering the password*. P.S. I've also noted that us...
2005 Sep 28
2
Can Samba be used to push out updates and hotfixes to client PC's
...how to push out patches and hotfixes with Samba. Is this not possible at this time? I don't have a lot of experience with Windows but I am going to have to deal with this issue soon. I think I understand that pushing out policies is possible. Is Microsoft designing its OS intentionally to subvert what Samba can do? Thanks Doug P
2015 Jan 09
3
[LLVMdev] Can we assume const parameter and to-be-modified parameter do not alias?
...e quote from: c99 rationale, v5.10, p. 77 const is specified in such a way that an implementation is at liberty to put const objects in read-only storage, and is encouraged to diagnose obvious attempts to modify them, but is not required to track down all the subtle ways that such checking can be subverted. Our understanding is that it is user’s responsibility to guarantee that const array will not be touched in any way and if not the behavior is undefined and in this case it is safe to assume that they are not alias?
2020 Jun 10
2
r-project.org SSL certificate issues
...Urbanek <simon.urbanek at R-project.org> wrote: > > You are making a very strong assumption that finding an alternative chain of trust is safe. I'd argue it's not - it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more easily attacked and subverted. By your argument we should disable all SSL checks as that produces error with incorrectly configured servers so...
2014 Dec 05
4
[LLVMdev] Memset/memcpy: user control of loop-idiom recognizer
...improvement. > This sounds like a cop-out, but we can't share customer code (even if we could get a small runnable example). But this is all getting beside the point. I discussed performance issues to try and justify why the user should have control. That was probably a mistake as it has subverted the conversation. The blunt fact is that game developers don't like their loops being replaced and they want user control. The real conversation I wanted was what form should this user control take. To be honest, I am surprised at the level of resistance to giving users *any* control over...
2019 Nov 08
2
Enable Contributions Through Pull-request For LLVM
...each of these steps explicit PR’s, they get individual testing (when we have integrated presubmit testing, which we’ll hopefully get to), code reviewers are reviewing each atomic step (and not the result of a bunch of walk), etc. In my opinion, bundling up many small patches into a single large PR subverts a lot of the goals of incremental development. It is better to propose the small patches as individual patches. -Chris
2007 Oct 22
1
Migrating from UW IMAP - pine - Thunderbird - squirrelmail
Hello! I saw your post to the mailing list (http://www.dovecot.org/list/dovecot/2006-January/010968.html) where you write "A description for pine with imap acces without entering any password is also discussed.", but I didn't find such description in this post. Would you be so kind to point me to some source where it is explained - currently users have to insert the
2005 Mar 07
1
rsync as a change-detecting security tool
...ge. My first thought was that, rather than trusting a tripwire-type process on the client, the log information on the server can tell us what changed on client, away from the interference of master system crackers on the untrusted client. However, imagine that the client is thoroughly and deeply subverted, including the OS itself. We will call the pre-attack correct files <file>-clean, and the post-attack files <file>-evil. The client is now running OS-evil. When OS-evil is asked for a file by a clean program, it will produce the clean version, but will produce the evil version for...
2011 Feb 22
1
funding
...it is to be used for, and see if we like you enough to give it to you. 'Contributing members' meaning those known to the community, verifiable, and who are putting in the hours, or whatever efforts. And I'm thinking cash donations should be frowned upon because money can be so easily subverted to doing bad things in the world.
2014 Nov 24
5
TELNENT TO LOCALHOST IN CENTOS 7
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster <leonfauster at googlemail.com> wrote: > On 24.11.2014 at 18:11, Frank Cox <theatre at melvilletheatre.com> wrote: >> On Mon, 24 Nov 2014 08:46:33 -0600 >> John R. Dennison wrote: >> >>> Why are you wanting to use telnet in the first place? >> >> I don't know what his use case is, but I
2004 Aug 11
1
FreeBSD-SA-04:13.linux in the wild
...ted attack yesterday from a live attacker on one of our machines using this vulnerability. It wasn't all that clever, and they're long gone, but I *did* manage to catch them in the act and grab a copy of the binary they tried to run from /tmp/, as well as the PHP injection code they used to subvert a virtual web site's poorly-written index.php script to execute commands as a local user. Their first order of business was uname -a, and the timing of the requests appeared to be random and experimental ("cd /tmp; ls -la", a few times). If any @FreeBSD.org developers would like more...
2010 Jun 25
1
Compromised servers, SSH keys, and replay attacks
...the compromised machine using ssh-agent ? If a user connects to a compromised machine using keys, but from an untainted client, do they need to change their keys or passphrase ? (I presume, in principle, that an attacker could steal private user keys and machine keys from a rooted server, then subvert the DNS and entice users to login to their own server instead. Though I'm not sure why they'd want to do that having got server root. Bypass a firewall, maybe.) -- Andrew Daviel, TRIUMF, Canada
2020 Aug 19
1
r-project.org SSL certificate issues
...ote: > > > > > > You are making a very strong assumption that finding an alternative > > chain of trust is safe. I'd argue it's not - it means that an adversary > > could manipulate the chain in a way to trust it instead of the declared > > chain and thus subverting it. In fact switching to OpenSSL would create a > > serious security hole here - in particular since it installs a separate > > trust store which it is far more easily attacked and subverted. By your > > argument we should disable all SSL checks as that produces error with >...
2020 Mar 05
3
Should rint and nearbyint be always constrained?
+cfe-dev as the discussion is now biased toward C standard. I'm not sure what problem you see here. In default mode, i.e. > when there is no "#pragma STDC FENV_ACCESS on" in effect, > then the compiler can always assume that the default rounding > mode is in effect. Well, if #pragma STDC FENV_ACCESS on is not in effect, that means > that the user has promised that at
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
...l ISSA meetings, Shmoocon, and the DC3 Conference, as well as numerous US government conferences. Jake is currently pursuing a PhD in Computer Science where he is researching new techniques for botnet detection. His research interests include protocol analysis, binary analysis, malware RE methods, subverting the security of cloud technologies, and methods for identifying malware Command and Control (C2) techniques.
2020 Jun 09
0
r-project.org SSL certificate issues
You are making a very strong assumption that finding an alternative chain of trust is safe. I'd argue it's not - it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more easily attacked and subverted. By your argument we should disable all SSL checks as that produces error with incorrectly configured servers so...