search for: trapdoor

Hi Folks, I want to use samba and amanda to backup NT/win file system. I downloaded the latest version of Samba and trying to install on bsdi4.0 and it complains that the OS is a "trapdoor" OS and will not work propperly. I installed it anyway and I can connect to NT no problem but when I connect it back to the unix box, it complains about "Bad password - name/password in a Tree connect" I believe this is something to do with the "trapdoor" issue. However, ol...

...to connect to the machine - my logs showed an error of unable to set the appropriate GID from smbd/uid.c. (NT gave me the "incorrect user or password" dialog). The function that was failing was set_effective_gid in lib/util_sec.c. In that section there are four possible calls: some UID trapdoor call setresgid setregid setegid Which one is used is determined by #defines in include/config.h. For some reason the configure script set the trapdoor, the setregid, and the setegid (and the corresponding defs for uid calls) to 1 and did not declare only the one for setresgid. I commented the li...

...1 here: Change samba-2.0.4b/source/lib/util_sec.c funktion set_effective_uid like this: 155c155 < #elif defined(HAVE_SETREUID) --- > #elif defined(HAVE_SETREUID) && !defined(AIX) #############################^^^^^^^^^^^^^^^^^ to int set_effective_uid(uid_t uid) { #if defined(HAVE_TRAPDOOR_UID) return trapdoor_set_effective_uid(uid); #elif defined(HAVE_SETRESUID) return setresuid(-1,uid,-1); #elif defined(HAVE_SETREUID) && !defined(AIX) return setreuid(-1,uid); #else if ((seteuid(uid) != 0) && (setuid(uid) != 0)) return -1;...

...9/07/22 20:57:05, 0] smbd/service.c:(463) Can't become connected user! [1999/07/22 20:57:05, 2] smbd/server.c:(406) Closing connections I saw one message about making sure that configure was done as root, but I did that. configure (2.0.5a) did warn me:- checking configure summary WARNING: trapdoor uid system - Samba may not operate correctly WARNING: No automated netmask determination - use an interfaces line configure OK I can not see a way round this and I did not find anything in the archives. Did I miss it? Can anyone help? Cheers, Brian. -- Associate Professor Brian Salter-D...

...er if it can be a problem when one of the directories, in that case /home/kikinovak/Sites, is already an NFS mount. I can't really figure it out, but I guess I vaguely fear some situation similar to the one displayes in "Being John Malkovich", where John Malkovich enters the secret trapdoor to his own thoughts. Thought I'd better ask before doing something silly. Cheers, Niki -- http://www.kikinovak.net

Since loading 2.0.x of Samba, the SMBD process is always ran as "root" when users connect. I just compiled Samba 2.0.3 on a AIX 4.2 to fix it according to the enhancement document. SMBD is still running as "root" on 2.0.3. Does anybody have a work around for this. Tom Harris Denton CAD tomh@iglobal.net

On Tue, Jul 28, 2015 at 4:34 PM, Warren Young <wyml at etr-usa.com> wrote: > That?s only true if the majority of people will in fact override the default policy. The current behavior in Fedora and CentOS lets you click Done twice and bypass the weak password complaint. > But as I have repeatedly pointed out here, the stock rules really are not that onerous. They basically encode

...t;replacement function" concept in S and R: A replacement function takes an object from the frame, does whatever it does, and returns a replacement for this object. The evaluator doesn't know what the replacement function does, so the EnsureLocal strategy is inevitable. There is one trapdoor, however. duplicate() does essentially nothing for data types that are references, most importantly for environments. That's the basis for reference classes. But a reference class is not exactly what we want here. Our different models share the BigData but should not share the same other...

I just created a new smbpasswd file, all users with unset passwords. Problem is, users can't set their passwords, only I can as root. Password is not set / blank, but they still get: >test> smbpasswd >Old SMB password: <enter> >New SMB password: Samba >Retype new SMB password: Samba >machine 127.0.0.1 rejected the password change: Error was : RAP86: The >specified

Can you please help or point me in the correct direction to solve the following problem We have an old stock control program which runs on all types of MS os's from DOS to NT4. However, It refuses to lock correctly on a samba server (Version samba-2.0.6-19991110.386.rpm). When both the file and lock program are placed in the same directory and the lock program run from a dos prompt on one

On Tue, Jan 26, 2016 at 11:51:29AM +0000, Peter Duffy wrote: > I'm also still trying to figure out in what way systemd is supposed to > be "better". I've seen the following things claimed for it: Of the three things you list, hot-plug is certainly an important one. But, it's not the big deal. The big deal is that systemd is not just a fire-and-hope startup system, but

I previously had an older version of Samba installed with the following smb.conf: ; Make sure and restart the server after making changes to this file, ex: ; /etc/rc.d/init.d/smb stop ; /etc/rc.d/init.d/smb start [global] ; Uncomment this if you want a guest account guest account = nobody log file = /var/log/samba-log.%m lock directory = /var/lock/samba share modes = yes

...ight in the first place - and then > stability is good. Security changes, too. 10 years ago, 2FA was something you only saw in high-security environments. Today, I have two different 2FA apps on the phone in my pocket. That phone is protected by a biometric system, which protects access to a trapdoor secure data store. My *phone* does this. The phone I had 10 years ago would let you hook a serial cable up and suck its entire contents out without even asking you for a password. >> Google already did that cost/benefit calculation: they tried staying on RH 7.1 indefinitely, and thereby bu...

...loseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2 (http://oss.linbit.com/trapdoor2/). it would be great to see that patch applied (or compareable functionality implemented) in one of the coming openssh releases. yours, - clifford PS: I'm not subscribed to this list, so please CC me on replies. -- ____ ___ ____ _ __ _ _ www.ro...

...pedef included by rpc/rpc.h... no checking for test routines... yes checking for ftruncate extend... yes checking for broken getgroups... no checking whether getpass should be replaced... no checking for broken inet_ntoa... no checking for root... yes checking for netmask ifconf... yes checking for trapdoor seteuid... no checking for shared mmap... yes checking for fcntl locking... yes checking for 64 bit fcntl locking... yes checking for sysv ipc... yes checking whether to use smbwrapper... no checking whether to use AFS... no checking whether to use DFS auth... no checking whether to use Kerberos IV...

...chain P of them together (in the example above N=14 and P=10) then there are 2^(N*P) different instances. Already with 140 bits of entropy, a brute force attack is out of the question no matter how many hardware coded DES machines you have. Suppose you have perfect cryptanalytic knowledge of DES - trapdoor and all - even then, can you see a way to attack this variable version? Finally, let me try to demonstrate why a "variable" cipher is more difficult to break: Take two ciphers A and B with keys of N bits. These ciphers must be independent in the sense that physically breaking one does n...

At 01:59 PM 6/29/98 +0000, Kokoro Security Administrator wrote: >Hello everyone - > >I am looking for the name of a piece of hardware, and don''t know what it >is called. I am told that there exists such a thing (a switch? a router? >a special hub?) that will only send me traffic that is destined for me. simple definitions: --router: looks at a layer 3 address (such as

On Mon, Dec 29, 2014 at 8:04 PM, Warren Young <wyml at etr-usa.com> wrote: > >>> >>> the world where you design, build, and deploy The System is disappearing fast. >> >> Sure, if you don't care if you lose data, you can skip those steps. > > How did you jump from incremental feature roll-outs to data loss? There is no necessary connection there.

[mod: This discussion has been going on "offline" with an occasional CC to linux-security. By the time I got around to do another "moderation round" this one was the latest. Everyone is keeping good context, so I think you all will be able to follow the discussion. --REW] >>>>> <seifried@seifried.org> writes: >> The only thing I can see coming out

This patchset does some cleaning up of the atomic VCPI helpers for MST, and converts nouveau over to using them. I would have included amdgpu in this patch as well, but at the moment moving them over to the atomic helpers is nontrivial. Cc: Daniel Vetter <daniel at ffwll.ch> Lyude Paul (6): drm/dp_mst: Deprecate drm_dp_find_vcpi_slots() drm/dp_mst: Remove all evil duplicate state