Displaying 20 results from an estimated 138 matches for "subverted".
2001 Dec 17
1
smbmount appears to subvert access permissions
Hi all,
(1) I wish to mount a SMB share onto my Linux filesystem. When I mount the share, it modifies the permissions on the "mounting directory" allowing other users to gain access to the share, masquerading as the mounting user. Lucky it doesn't give write access to anyone, but read access is bad enough.
Can anyone explain this behaviour? (Example transcript provided below)
2024 Oct 23
1
Security of ssh across a LAN, public key versus password
...efore-/after-encryption) network
communication to the contents of your screen. If that's a scenario
probable enough to make it a concern, and the consequences for the other
hosts in your LAN important enough to consider, the question to answer
is not "which auth protocol spoken *by the subverted machine* is a bit
harder to catch as well" but "how do I get the relevant secrets
*off* that machine and into an *actually* secure location".
Thanks to Yubikeys and similar devices, that is actually feasible, but
it also makes it quite clear why *then* using keypair auth is v...
2020 Jan 21
2
Security implications of using ControlMaster
On Tue, Jan 21, 2020 at 11:08:51AM +1100, Damien Miller wrote:
> So IMO disallowing session multiplexing is at most a speedbump that an
> attacker will cross with relative ease. Speedbumps make sense sometimes,
An attacker getting root on the jumphost gets immediate control of
any _current_ persistent connections and new connections. Without
ControlMaster it's a _lot_ harder to take
2014 Nov 24
1
TELNENT TO LOCALHOST IN CENTOS 7
On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison <jrd at gerdesas.com> wrote:
> On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
>>
>> Umm, yeah. Encrypted protocols would never be compromised....
>
> Which do you think is more likely? Someone sniffing a cleartext
> credential set on the wire or someone subverting an alleged "secure"
>
2020 Jun 06
2
Deliver administrative message ignoring user quota
Hi everyone,
I have a separate internal system running on a different host that needs to put an administrative email into a user's inbox.
I've been playing around with the "doveadm mailbox save" command via Doveadm's HTTP API (https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-mailbox-save).
This
2005 Aug 14
1
"NOESCAPE 1" is easily escapable
(I apologise if this has already been reported - the archive isn't very
searchable.)
At present the NOESCAPE keyword seems rather useless, because a boot
prompt is offered whenever an attempt to load a boot image is interrupted
using <Ctrl>C. Intuitively, I would expect "NOESCAPE 1" to lock this
down also, and that {sys,pxe,iso.ext}linux would simply fall through to
the
2005 Sep 28
2
Can Samba be used to push out updates and hotfixes to client PC's
I have the Official Samba 3 and Samba-3 by example books, although not
the second edition copies. But I can't seem to find out how to push out
patches and hotfixes with Samba. Is this not possible at this time?
I don't have a lot of experience with Windows but I am going to have to
deal with this issue soon.
I think I understand that pushing out policies is possible.
Is Microsoft
2015 Jan 09
3
[LLVMdev] Can we assume const parameter and to-be-modified parameter do not alias?
...e quote from:
c99 rationale, v5.10, p. 77
const is specified in such a way that an implementation is at liberty to put const objects in read-only storage, and is encouraged to diagnose obvious attempts to modify them, but is not required to track down all the subtle ways that such checking can be subverted.
Our understanding is that it is user’s responsibility to guarantee that const array will not be touched in any way and if not the behavior is undefined and in this case it is safe to assume that they are not alias?
2020 Jun 10
2
r-project.org SSL certificate issues
...- it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more easily attacked and subverted. By your argument we should disable all SSL checks as that produces error with incorrectly configured servers so not performing checks is better. It is true that R is likely not used for sensitive transactions, but I would rather it warned me about situations where the communication may be compromi...
2014 Dec 05
4
[LLVMdev] Memset/memcpy: user control of loop-idiom recognizer
...improvement.
>
This sounds like a cop-out, but we can't share customer code (even if
we could get a small runnable example). But this is all getting
beside the point. I discussed performance issues to try and justify
why the user should have control. That was probably a mistake as it
has subverted the conversation. The blunt fact is that game
developers don't like their loops being replaced and they want user
control. The real conversation I wanted was what form should this
user control take. To be honest, I am surprised at the level of
resistance to giving users *any* control over th...
2019 Nov 08
2
Enable Contributions Through Pull-request For LLVM
> On Nov 7, 2019, at 5:54 PM, Daniel Sanders via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
>
> -1 to "squash and merge" being the only option if rebase+push (--ff-only) is possible. I'd rather we use our judgement to decide what's appropriate for the pull request at hand rather than have a blanket rule.
>
> Personally, if I have multiple commits
2007 Oct 22
1
Migrating from UW IMAP - pine - Thunderbird - squirrelmail
Hello!
I saw your post to the mailing list
(http://www.dovecot.org/list/dovecot/2006-January/010968.html) where you
write "A description for pine with imap acces without entering any
password is also discussed.", but I didn't find such description in
this post.
Would you be so kind to point me to some source where it is
explained - currently users have to insert the
2005 Mar 07
1
rsync as a change-detecting security tool
...ge.
My first thought was that, rather than trusting a tripwire-type
process on the client, the log information on the server can tell
us what changed on client, away from the interference of master
system crackers on the untrusted client.
However, imagine that the client is thoroughly and deeply subverted,
including the OS itself. We will call the pre-attack correct files
<file>-clean, and the post-attack files <file>-evil. The client is
now running OS-evil. When OS-evil is asked for a file by a clean
program, it will produce the clean version, but will produce the
evil version for mo...
2011 Feb 22
1
funding
...it is to be used for, and see if we
like you enough to give it to you.
'Contributing members' meaning those known to the community, verifiable, and
who are putting in the hours, or whatever efforts.
And I'm thinking cash donations should be frowned upon because money can be
so easily subverted to doing bad things in the world.
2014 Nov 24
5
TELNENT TO LOCALHOST IN CENTOS 7
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster
<leonfauster at googlemail.com> wrote:
> On 24.11.2014 at 18:11, Frank Cox <theatre at melvilletheatre.com> wrote:
>> On Mon, 24 Nov 2014 08:46:33 -0600
>> John R. Dennison wrote:
>>
>>> Why are you wanting to use telnet in the first place?
>>
>> I don't know what his use case is, but I
2004 Aug 11
1
FreeBSD-SA-04:13.linux in the wild
Has anyone else seen this in the wild?
We just had an attempted attack yesterday from a live attacker on one of
our machines using this vulnerability. It wasn't all that clever, and
they're long gone, but I *did* manage to catch them in the act and grab
a copy of the binary they tried to run from /tmp/, as well as the PHP
injection code they used to subvert a virtual web site's
2010 Jun 25
1
Compromised servers, SSH keys, and replay attacks
We had an incident recently where an openssh client and server were
replaced with trojanned versions (it has SKYNET ASCII-art in the binary,
if anyone's seen it. Anyone seen the source code?). The trojan ssh &
sshd both logged host/user/password, and probably had a login backdoor.
Someone asked me what was their exposure if they used public/private keys
instead of passwords.
My
2020 Aug 19
1
r-project.org SSL certificate issues
...ould manipulate the chain in a way to trust it instead of the declared
> > chain and thus subverting it. In fact switching to OpenSSL would create a
> > serious security hole here - in particular since it installs a separate
> > trust store which it is far more easily attacked and subverted. By your
> > argument we should disable all SSL checks as that produces error with
> > incorrectly configured servers so not performing checks is better. It is
> > true that R is likely not used for sensitive transactions, but I would
> > rather it warned me about situations...
2020 Mar 05
3
Should rint and nearbyint be always constrained?
+cfe-dev as the discussion is now biased toward C standard.
I'm not sure what problem you see here. In default mode, i.e.
> when there is no "#pragma STDC FENV_ACCESS on" in effect,
> then the compiler can always assume that the default rounding
> mode is in effect.
Well, if #pragma STDC FENV_ACCESS on is not in effect, that means
> that the user has promised that at
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".
-Connie Sieh
---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites are issued only when a security event demands global and
immediate