search for: subverted

Hi all, (1) I wish to mount a SMB share onto my Linux filesystem. When I mount the share, it modifies the permissions on the "mounting directory" allowing other users to gain access to the share, masquerading as the mounting user. Lucky it doesn't give write access to anyone, but read access is bad enough. Can anyone explain this behaviour? (Example transcript provided below)

On Tue, Jan 21, 2020 at 11:08:51AM +1100, Damien Miller wrote: > So IMO disallowing session multiplexing is at most a speedbump that an > attacker will cross with relative ease. Speedbumps make sense sometimes, An attacker getting root on the jumphost gets immediate control of any _current_ persistent connections and new connections. Without ControlMaster it's a _lot_ harder to take

On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison <jrd at gerdesas.com> wrote: > On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote: >> >> Umm, yeah. Encrypted protocols would never be compromised.... > > Which do you think is more likely? Someone sniffing a cleartext > credential set on the wire or someone subverting an alleged "secure" >

Hi everyone, I have a separate internal system running on a different host that needs to put an administrative email into a user?s inbox. I?ve been playing around with the ?doveadm mailbox save? command via Doveadm?s HTTP API (https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-mailbox-save <https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-mailbox-save>). This

(I apologise if this has already been reported - the archive isn't very searchable.) At present the NOESCAPE keyword seems rather useless, because a boot prompt is offered whenever attempts to load a boot image is interrupted using <Ctrl>C. Intuitively, I would expect "NOESCAPE 1" to lock this down also, and that {sys,pxe,iso.ext}linux would simply fall through to the

I have the Official Samba 3 and Samba-3 by example books, although not the second edition copies. But I can't seem to find out how to push out patches and hotfixes with Samba. Is this not possible at this time? I don't have a lot of experience with Windows but I am going to have to deal with this issue soon. I think I understand that pushing out policies is possible. Is Microsoft

...e quote from: c99 rationale, v5.10, p. 77 const is specified in such a way that an implementation is at liberty to put const objects in read-only storage, and is encouraged to diagnose obvious attempts to modify them, but is not required to track down all the subtle ways that such checking can be subverted. Our understanding is that it is user’s responsibility to guarantee that const array will not be touched in any way and if not the behavior is undefined and in this case it is safe to assume that they are not alias?

...- it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more easily attacked and subverted. By your argument we should disable all SSL checks as that produces error with incorrectly configured servers so not performing checks is better. It is true that R is likely not used for sensitive transactions, but I would rather it warned me about situations where the communication may be compromi...

...improvement. > This sounds like a cop-out, but we can't share customer code (even if we could get a small runnable example). But this is all getting beside the point. I discussed performance issues to try and justify why the user should have control. That was probably a mistake as it has subverted the conversation. The blunt fact is that game developers don't like their loops being replaced and they want user control. The real conversation I wanted was what form should this user control take. To be honest, I am surprised at the level of resistance to giving users *any* control over th...

> On Nov 7, 2019, at 5:54 PM, Daniel Sanders via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > > -1 to "squash and merge" being the only option if rebase+push (--ff-only) is possible. I'd rather we use our judgement to decide what's appropriate for the pull request at hand rather than have a blanket rule. > > Personally, if I have multiple commits

Hello! I saw your post to the mailing list (http://www.dovecot.org/list/dovecot/2006-January/010968.html) where you write "A description for pine with imap acces without entering any password is also discussed.", but I didn't find such description in this post. Would you be so kind to point me to some source where it is explained - currently users have to insert the

...ge. My first thought was that, rather than trusting a tripwire-type process on the client, the log information on the server can tell us what changed on client, away from the interference of master system crackers on the untrusted client. However, imagine that the client is thoroughly and deeply subverted, including the OS itself. We will call the pre-attack correct files <file>-clean, and the post-attack files <file>-evil. The client is now running OS-evil. When OS-evil is asked for a file by a clean program, it will produce the clean version, but will produce the evil version for mo...

...it is to be used for, and see if we like you enough to give it to you. 'Contributing members' meaning those known to the community, verifiable, and who are putting in the hours, or whatever efforts. And I'm thinking cash donations should be frowned upon because money can be so easily subverted to doing bad things in the world.

On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster <leonfauster at googlemail.com> wrote: > Am 24.11.2014 um 18:11 schrieb Frank Cox <theatre at melvilletheatre.com>: >> On Mon, 24 Nov 2014 08:46:33 -0600 >> John R. Dennison wrote: >> >>> Why are you wanting to use telnet in the first place? >> >> I don't know what his use case is, but I

Has anyone else seen this in the wild? We just had an attempted attack yesterday from a live attacker on one of our machines using this vulnerability. It wasn't all that clever, and they're long gone, but I *did* manage to catch them in the act and grab a copy of the binary they tried to run from /tmp/, as well as the PHP injection code they used to subvert a virtual web site's

We had an incident recently where an openssh client and server were replaced with trojanned versions (it has SKYNET ASCII-art in the binary, if anyone's seen it. Anyone seen the source code ?). The trojan ssh & sshd both logged host/user/password, and probably had a login backdoor. Someone asked me what was their exposure if they used public/private keys instead of passwords. My

...ould manipulate the chain in a way to trust it instead of the declared > > chain and thus subverting it. In fact switching to OpenSSL would create a > > serious security hole here - in particular since it installs a separate > > trust store which it is far more easily attacked and subverted. By your > > argument we should disable all SSL checks as that produces error with > > incorrectly configured servers so not performing checks is better. It is > > true that R is likely not used for sensitive transactions, but I would > > rather it warned me about situations...

+cfe-dev as the discussion is now biased toward C standard. I'm not sure what problem you see here. In default mode, i.e. > when there is no "#pragma STDC FENV_ACCESS on" in effect, > then the compiler can always assume that the default rounding > mode is in effect. Well, if #pragma STDC FENV_ACCESS on is not in effect, that means > that the user has promised that at

For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate

...- it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more easily attacked and subverted. By your argument we should disable all SSL checks as that produces error with incorrectly configured servers so not performing checks is better. It is true that R is likely not used for sensitive transactions, but I would rather it warned me about situations where the communication may be compromi...