search for: tighten

On 09/08/2018 03:15 AM, Richard W.M. Jones wrote: > Previously key=value on the command line allowed the key to be pretty > much anything that didn't contain an '=' character. Even empty > strings were permitted. > > This tightens up the permitted keys so they must contain only ASCII > alphanumeric, period, underscore or dash characters, and must not be > an empty string. Do we want to further restrict things to start with a letter or underscore (and not a dot, digit, or dash)? > --- > docs/nbdkit-plugin.po...

On 9/10/18 10:27 AM, Richard W.M. Jones wrote: > Previously key=value on the command line allowed the key to be pretty > much anything that didn't contain an '=' character. Even empty > strings were permitted. > > This tightens up the permitted keys so they must contain only ASCII > alphanumeric, period, underscore or dash characters; must not be an > empty string; and must start with an ASCII alphabetic character. > --- > docs/nbdkit-plugin.pod | 24 +++++++++++++++--------- > src/main.c |...

...edded literal brackets if (a) they're properly nested; or (b) they're backslash escaped. Objections or suggestions? This change won't solve the problem for the magic implicit link references: The next line will disappear [like this]: here. One way to address this might be to tighten up the rules for what a URL is. I should also note that this entire problem has never been reported to me by anyone, so it doesn't seem to be something people are stumbling upon frequently. -J.G.

Previously key=value on the command line allowed the key to be pretty much anything that didn't contain an '=' character. Even empty strings were permitted. This tightens up the permitted keys so they must contain only ASCII alphanumeric, period, underscore or dash characters, and must not be an empty string. --- docs/nbdkit-plugin.pod | 18 ++++++++++-------- src/main.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 9 deleti...

The following works fine but is there some way to make it more succinct? Thanks, Kent class obsd_etc_static { file { "/etc/mygate": owner => root, group => wheel, mode => 644, backup => main, source => "puppet://example.com/obsd_static/mygate" } file { "/etc/rc.conf": owner => root, group => wheel,

Previously key=value on the command line allowed the key to be pretty much anything that didn't contain an '=' character. Even empty strings were permitted. This tightens up the permitted keys so they must contain only ASCII alphanumeric, period, underscore or dash characters; must not be an empty string; and must start with an ASCII alphabetic character. --- docs/nbdkit-plugin.pod | 24 +++++++++++++++--------- src/main.c | 36 ++++++++++++++++++++++++...

On Tue, Jun 25, 2019 at 09:09:58PM -0500, Eric Blake wrote: >I'm not sure whether we want to go with just the first patch (reject >nbd:unix:/path but still accept nbd:/path), or squash the two in order >to go with the second (reject both abbreviated forms, and require >scheme://...). Either way, though, nbdkit -U - --run '$nbd' will now >error out rather than

This posting is off-topic because it is not about Centos. Please refrain from replying to the list as that will generate further off-topic traffic inevitably irritating subscribers. On the balance of probabilities, I think everyone will benefit from reading at least the first 6 pages of a 19 pages English criminal sentencing statement about a child, in England, successfully breaking into the home

On Sun, Jul 16, 2023 at 04:39:18PM +0000, Tage Johansson wrote: > > @@ -194,7 +198,10 @@ calls. The cookie is unique (per libnbd handle) and E<ge> 1. > > > > You may register a function which is called when the command > > completes, see L</Completion callbacks> below. In this case we have > > -specified a null completion callback. > >

Might it be possible to tighten the definition of "is.qr". I noticed that after I mistakenly typed example(lm) # make lm object named lm.D9 qr.Q(lm.D9) which exhausted the heap memory and produced two warning messages. As an object of class "lm" has a "qr" component, "is.qr" failed to...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Attached is a patch which attempts to enforce ''proper'' permissions of all files controlled directly by the puppet processes. All owners and groups are explicitly set as are all permissions. The idea is that the Puppet process configuration files should be relatively tamper resistant and at least throw a warning that the

Package: logcheck Severity: wishlist I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

On 6/26/19 4:05 AM, Martin Kletzander wrote: > On Tue, Jun 25, 2019 at 09:09:58PM -0500, Eric Blake wrote: >> I'm not sure whether we want to go with just the first patch (reject >> nbd:unix:/path but still accept nbd:/path), or squash the two in order >> to go with the second (reject both abbreviated forms, and require >> scheme://...).  Either way, though, nbdkit

At times our tftp servers are quite busy. Our network folk are rebuilding, and are anxious to tighten security. They hope to only allow tftp traffic on port 69, coming and going. This would bypass the RFC1350 client TID=ephemeral and server ACK TID=!69. Is there any chance tftpd-hpa would do this with "-R 69:69", or would this require tftpd-hpa to threaded, with a hairier connection loo...

I am used to sendmail and am using Postfix now and am uncertain of some features. I typically would comment out the line in sendmail.mc that went something like 'accept unresolvable domains' I tried using smtpd_sender_restrictions = reject_unverified_sender reject_unverified_smtp and this seems a bit too restrictive and got some bounces on legitimate senders so I'm

...- Example: the address of a local on the RHS of an assignment, the >> address of a local passed into function. > > It also sounds like it would be triggered for a lot of C++ function s that > allocates an object on the stack and call methods on them. Is it possible > to tighten up the heuristic slightly so that this isn't the case? I don't see any inherent difference (for this purpose) between void foo() { int x; someFunc(&x); } and void foo() { SomeClass x; x.someNonStaticMethod(); } It's just that C++ is so good...

...table, and we should give ourselves the freedom > to implement all the optimizations within that spec which existing applications > rely on for performance. I agree with Chandler. Also, don't forget that the safest way to proceed is to start with a permissive interpretation of flags and tighten then up later. For example, suppose we start with an fpaccuracy of "fast" meaning: ignore NaN's, ignore infinities, do whatever you like; and then later tighten it to mean: do the right thing with NaN's and infinities, only introduce a bounded number of ULPs of error. Then this...

On 7/14/2023 4:13 PM, Eric Blake wrote: > On Fri, Jul 14, 2023 at 09:13:42AM +0200, Laszlo Ersek wrote: >> On 7/13/23 21:29, Eric Blake wrote: >>> The documentation has claimed since commit 6f4dcdab that any >>> completion callback will be called exactly once; but this is not >>> consistent with the code: if nbd_aio_* itself returns an error, then >>>

...ftp. However, tftp also uses secondary ports ranging from 1,0XX to 30,XXX. ( A broad range) In an effort to limit the secondary ports that are opened, some Windows based tftp server such as the winagents product allows you to limit the range of secondary ports that are used allowing you to somewhat tighten firewall publishing rules. Does anyone know how to do this using the linux tftp server? Thanks, Chad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050803/124042fc/attachment.htm

I have a 7921 wireless phone working with Asterisk, and I want to tighten the wide open port range of my IPTABLES now. I tried allowing only SCCP port (2000) in/out and found that my audio was gone. A quick look at my iptables message shows source port 15886 and dest port 25968 used: FORWARD - Drop: IN=eth1 OUT=eth2 SRC=172.31.253.4 DST=172.31.254.102 LEN=200 TOS=0...