search for: tightening

On 09/08/2018 03:15 AM, Richard W.M. Jones wrote: > Previously key=value on the command line allowed the key to be pretty > much anything that didn't contain an '=' character. Even empty > strings were permitted. > > This tightens up the permitted keys so they must contain only ASCII > alphanumeric, period, underscore or dash characters, and must not be > an

...m okay with that, but it is slightly stricter than C and Shell variables (then again, accepting '.' and '-' already makes us different). And we can always add stuff later if it proves useful (it's easier to start strict and relax later, compared to starting relaxed and then tightening down when we realize the problems it caused). > +/* When parsing plugin and filter config key=value from the command > + * line, check that the key is a simple alphanumeric with period, > + * underscore or dash. > + * > + * Note this doesn't return an error. If the key is not...

So here's an interesting bug I just discovered: [Like this][d]: [here][h]. [d]: foo [h]: bar The output here should be: <a href="foo">Like this</a>: <a href="bar">here</a>. But instead the output is completely empty. I see this bug in both Markdown.pl and PHP Markdown. The problem is that all three lines are being

Previously key=value on the command line allowed the key to be pretty much anything that didn't contain an '=' character. Even empty strings were permitted. This tightens up the permitted keys so they must contain only ASCII alphanumeric, period, underscore or dash characters, and must not be an empty string. --- docs/nbdkit-plugin.pod | 18 ++++++++++-------- src/main.c

The following works fine but is there some way to make it more succinct? Thanks, Kent class obsd_etc_static { file { "/etc/mygate": owner => root, group => wheel, mode => 644, backup => main, source => "puppet://example.com/obsd_static/mygate" } file { "/etc/rc.conf": owner => root, group => wheel,

Previously key=value on the command line allowed the key to be pretty much anything that didn't contain an '=' character. Even empty strings were permitted. This tightens up the permitted keys so they must contain only ASCII alphanumeric, period, underscore or dash characters; must not be an empty string; and must start with an ASCII alphabetic character. --- docs/nbdkit-plugin.pod

On Tue, Jun 25, 2019 at 09:09:58PM -0500, Eric Blake wrote: >I'm not sure whether we want to go with just the first patch (reject >nbd:unix:/path but still accept nbd:/path), or squash the two in order >to go with the second (reject both abbreviated forms, and require >scheme://...). Either way, though, nbdkit -U - --run '$nbd' will now >error out rather than

This posting is off-topic because it is not about Centos. Please refrain from replying to the list as that will generate further off-topic traffic inevitably irritating subscribers. On the balance of probabilities, I think everyone will benefit from reading at least the first 6 pages of a 19 pages English criminal sentencing statement about a child, in England, successfully breaking into the home

On Sun, Jul 16, 2023 at 04:39:18PM +0000, Tage Johansson wrote: > > @@ -194,7 +198,10 @@ calls. The cookie is unique (per libnbd handle) and E<ge> 1. > > > > You may register a function which is called when the command > > completes, see L</Completion callbacks> below. In this case we have > > -specified a null completion callback. > >

Might it be possible to tighten the definition of "is.qr". I noticed that after I mistakenly typed example(lm) # make lm object named lm.D9 qr.Q(lm.D9) which exhausted the heap memory and produced two warning messages. As an object of class "lm" has a "qr" component, "is.qr" failed to detect that "lm.D9" was not a "qr" object. The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Attached is a patch which attempts to enforce ''proper'' permissions of all files controlled directly by the puppet processes. All owners and groups are explicitly set as are all permissions. The idea is that the Puppet process configuration files should be relatively tamper resistant and at least throw a warning that the

Package: logcheck Severity: wishlist I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

On 6/26/19 4:05 AM, Martin Kletzander wrote: > On Tue, Jun 25, 2019 at 09:09:58PM -0500, Eric Blake wrote: >> I'm not sure whether we want to go with just the first patch (reject >> nbd:unix:/path but still accept nbd:/path), or squash the two in order >> to go with the second (reject both abbreviated forms, and require >> scheme://...).  Either way, though, nbdkit

At times our tftp servers are quite busy. Our network folk are rebuilding, and are anxious to tighten security. They hope to only allow tftp traffic on port 69, coming and going. This would bypass the RFC1350 client TID=ephemeral and server ACK TID=!69. Is there any chance tftpd-hpa would do this with "-R 69:69", or would this require tftpd-hpa to threaded, with a hairier connection

I am used to sendmail and am using Postfix now and am uncertain of some features. I typically would comment out the line in sendmail.mc that went something like 'accept unresolvable domains' I tried using smtpd_sender_restrictions = reject_unverified_sender reject_unverified_smtp and this seems a bit too restrictive and got some bounces on legitimate senders so I'm

David Chisnall wrote: >On 2 Oct 2012, at 03:26, Magee, Josh wrote: > >> 1) An address of a local variable is taken in such a way as to expose the >> address of a stack location. >> - Example: the address of a local on the RHS of an assignment, the >> address of a local passed into function. > > It also sounds like it would be triggered for a

...too tight, then we are in trouble since existing bitcode might then undergo optimizations that the creator of the bitcode didn't want. So I'd rather start with a quite permissive setup which seems generally useful and allows the most important optimizations, and worry about decomposing and tightening it later. Given the fact that no-one was interested enough to implement any kind of relaxed floating point mode in LLVM IR in all the years gone by, I actually suspect that there might never be anything more than just this simple and not very well defined 'fast-math' mode. But at least th...

On 7/14/2023 4:13 PM, Eric Blake wrote: > On Fri, Jul 14, 2023 at 09:13:42AM +0200, Laszlo Ersek wrote: >> On 7/13/23 21:29, Eric Blake wrote: >>> The documentation has claimed since commit 6f4dcdab that any >>> completion callback will be called exactly once; but this is not >>> consistent with the code: if nbd_aio_* itself returns an error, then >>>

I'm publishing tftp through my firewall to support external Cisco 7960 sip phones. I know that the primary port is 69 for tftp. However, tftp also uses secondary ports ranging from 1,0XX to 30,XXX. ( A broad range) In an effort to limit the secondary ports that are opened, some Windows based tftp server such as the winagents product allows you to limit the range of secondary ports that are

I have a 7921 wireless phone working with Asterisk, and I want to tighten the wide open port range of my IPTABLES now. I tried allowing only SCCP port (2000) in/out and found that my audio was gone. A quick look at my iptables message shows source port 15886 and dest port 25968 used: FORWARD - Drop: IN=eth1 OUT=eth2 SRC=172.31.253.4 DST=172.31.254.102 LEN=200 TOS=0x18 PREC=0xA0 TTL=63 ID=0