Displaying 20 results from an estimated 138 matches for "subverts".
2001 Dec 17
1
smbmount appears to subvert access permissions
Hi all,
(1) I wish to mount a SMB share onto my Linux filesystem. When I mount the share, it modifies the permissions on the "mounting directory" allowing other users to gain access to the share, masquerading as the mounting user. Lucky it doesn't give write access to anyone, but read access is bad enough.
Can anyone explain this behaviour? (Example transcript provided below)
2024 Oct 23
1
Security of ssh across a LAN, public key versus password
On 21.10.24 20:26, Chris Green wrote:
> I have a small LAN at home with nine or ten systems on it running
> various varieties of Linux. I 'do things' on the LAN either from my
> desktop machine or from my laptop, both run Xubuntu 24.04 at the
> moment.
>
> There's a couple of headless systems on the LAN where login security
> is important to me and I've been
2020 Jan 21
2
Security implications of using ControlMaster
On Tue, Jan 21, 2020 at 11:08:51AM +1100, Damien Miller wrote:
> So IMO disallowing session multiplexing is at most a speedbump that an
> attacker will cross with relative ease. Speedbumps make sense sometimes,
An attacker getting root on the jumphost gets immediate control of
any _current_ persistent connections and new connections. Without
ControlMaster it's a _lot_ harder to take
2014 Nov 24
1
TELNENT TO LOCALHOST IN CENTOS 7
On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison <jrd at gerdesas.com> wrote:
> On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
>>
>> Umm, yeah. Encrypted protocols would never be compromised....
>
> Which do you think is more likely? Someone sniffing a cleartext
> credential set on the wire or someone subverting an alleged "secure"
>
2020 Jun 06
2
Deliver administrative message ignoring user quota
Hi everyone,
I have a separate internal system running on a different host that needs to put an administrative email into a user's inbox.
I've been playing around with the "doveadm mailbox save" command via Doveadm's HTTP API (https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-mailbox-save).
This
2005 Aug 14
1
"NOESCAPE 1" is easily escapable
(I apologise if this has already been reported - the archive isn't very
searchable.)
At present the NOESCAPE keyword seems rather useless, because a boot
prompt is offered whenever attempts to load a boot image are interrupted
using <Ctrl>C. Intuitively, I would expect "NOESCAPE 1" to lock this
down also, and that {sys,pxe,iso.ext}linux would simply fall through to
the
2005 Sep 28
2
Can Samba be used to push out updates and hotfixes to client PC's
I have the Official Samba 3 and Samba-3 by example books, although not
the second edition copies. But I can't seem to find out how to push out
patches and hotfixes with Samba. Is this not possible at this time?
I don't have a lot of experience with Windows but I am going to have to
deal with this issue soon.
I think I understand that pushing out policies is possible.
Is Microsoft
2015 Jan 09
3
[LLVMdev] Can we assume const parameter and to-be-modified parameter do not alias?
Hi,
This question is raised from the following example:
int foo (const int a[], int b[])
{
...
b[i] = …
…
}
Basically a[] is defined as read-only while b[] will be explicitly modified in the function. At first glance, they cannot alias, but it seems that we cannot figure out the alias info between them now, which prevents us from doing some optimizations. Here is the
2020 Jun 10
2
r-project.org SSL certificate issues
As I said, there is stuff that I don't understand in here.... (including why browsers apparently do trust alternative chains)
-pd
> On 10 Jun 2020, at 01:53 , Simon Urbanek <simon.urbanek at R-project.org> wrote:
>
> You are making a very strong assumption that finding an alternative chain of trust is safe. I'd argue it's not - it means that an adversary could
2014 Dec 05
4
[LLVMdev] Memset/memcpy: user control of loop-idiom recognizer
On 5 December 2014 at 06:49, Sean Silva <chisophugis at gmail.com> wrote:
>
>
> On Wed, Dec 3, 2014 at 4:23 AM, Robert Lougher <rob.lougher at gmail.com>
> wrote:
>>
>> Hi,
>>
>> In feedback from game studios a common issue is the replacement of
>> loops with calls to memcpy/memset. These loops are often
>> hand-optimised, and
2019 Nov 08
2
Enable Contributions Through Pull-request For LLVM
...each of these steps explicit PR’s, they get individual testing (when we have integrated presubmit testing, which we’ll hopefully get to), code reviewers are reviewing each atomic step (and not the result of a bunch of walk), etc.
In my opinion, bundling up many small patches into a single large PR subverts a lot of the goals of incremental development. It is better to propose the small patches as individual patches.
-Chris
2007 Oct 22
1
Migrating from UW IMAP - pine - Thunderbird - squirrelmail
Hello!
I saw your post to the mailing list
(http://www.dovecot.org/list/dovecot/2006-January/010968.html) where you
write "A description for pine with imap acces without entering any
password is also discussed.", but I didn't find such description in
this post.
Would you be so kind to point me to some source where it is
explained - currently users have to insert the
2005 Mar 07
1
rsync as a change-detecting security tool
I suspect rsync actually *cannot* be used as a change detection
tool for security purposes, but I want some help with my reasoning.
Imagine a backup system that uses rsync to move files from client
to a trusted server. The backup system operates in "pull" mode,
and the backup server uses rsync to pull files from the client.
Rsync does its magic --link-dest thing, and we detect the
2011 Feb 22
1
funding
Maybe what Centos needs is a bridal registry.
Here in the US, an engaged couple can tell their friends what they'd like to
be given as wedding presents. They do this by listing items in a registry,
in various stores around town.
Anyway, the idea is, post stuff you need in a list on your site. Say you
need 20 hard drives, or a particular power supply, or whatever items that
get consumed in
2014 Nov 24
5
TELNENT TO LOCALHOST IN CENTOS 7
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster
<leonfauster at googlemail.com> wrote:
> Am 24.11.2014 um 18:11 schrieb Frank Cox <theatre at melvilletheatre.com>:
>> On Mon, 24 Nov 2014 08:46:33 -0600
>> John R. Dennison wrote:
>>
>>> Why are you wanting to use telnet in the first place?
>>
>> I don't know what his use case is, but I
2004 Aug 11
1
FreeBSD-SA-04:13.linux in the wild
Has anyone else seen this in the wild?
We just had an attempted attack yesterday from a live attacker on one of
our machines using this vulnerability. It wasn't all that clever, and
they're long gone, but I *did* manage to catch them in the act and grab
a copy of the binary they tried to run from /tmp/, as well as the PHP
injection code they used to subvert a virtual web site's
2010 Jun 25
1
Compromised servers, SSH keys, and replay attacks
We had an incident recently where an openssh client and server were
replaced with trojanned versions (it has SKYNET ASCII-art in the binary,
if anyone's seen it. Anyone seen the source code ?). The trojan ssh &
sshd both logged host/user/password, and probably had a login backdoor.
Someone asked me what was their exposure if they used public/private keys
instead of passwords.
My
2020 Aug 19
1
r-project.org SSL certificate issues
Hi win-builder certificate expired on Aug 15. My student on the other side
of the world is also seeing this problem so I think it needs to be fixed...
> download.file("https://win-builder.r-project.org", "/tmp/wb.html")
trying URL 'https://win-builder.r-project.org'
Error in download.file("https://win-builder.r-project.org", "/tmp/wb.html")
:
2020 Mar 05
3
Should rint and nearbyint be always constrained?
+cfe-dev as the discussion is now biased toward C standard.
I'm not sure what problem you see here. In default mode, i.e.
> when there is no "#pragma STDC FENV_ACCESS on" in effect,
> then the compiler can always assume that the default rounding
> mode is in effect.
Well, if #pragma STDC FENV_ACCESS on is not in effect, that means
> that the user has promised that at
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".
-Connie Sieh
---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites are issued only when a security event demands global and
immediate