search for: untaint

Displaying 20 results from an estimated 35 matches for "untaint".

2019 Apr 19
1
selftest: Perl error "Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138."
...nter.pl(138) with the Perl error in subject: Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138 code is: ============================== delete @ENV{'BASH_ENV'}; $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH system("cp", "$tmp", "$smb_conf_file"); <== FAILING HERE unlink $tmp; ============================== the solution is, in addition to untainting $PATH: ============================== # the following is according to: # https://perldoc.perl.org/perlsec.html#Clean...
2019 Sep 12
3
Taint flow tracking
Suppose a variable 'x' in a program is tainted. There is an assignment 'y=x' where y is untainted. How do I check the taint flow in the output or data flow graph? Any suggestions? Thank you. Have a great day.
2005 Jan 28
17
breakpoint not working
I keep getting: No connection to breakpoint service at druby://localhost:42531 (DRb::DRbConnError) Tries to connect will be made every 3 seconds... This happens every time I run ./script/breakpointer using 0.9.5 on OSX or Windows. Any ideas?
2006 Apr 04
0
get quota command - Example
...NV{PATH} = ( '/bin', '/usr/bin' ); # Capture environment variables # Directory for whom quota is to be checked $directory = $ARGV[0]; # Type of query 2 = user 4 = group 1,3 not quite sure how they work in reality $type = $ARGV[1]; if ( $type =~ /([1-4])/ ) { $type = $1; # untaint } else { die("Incorrect type flag"); } # UID or GID to be checked $id = $ARGV[2]; if ( $id =~ /(\d+)/ ) { $id = $1; # untaint } else { die("Is that really a uid or gid?"); } # For some reason, despite what documentation states, samba always # appears to...
2001 Oct 04
1
patch - forceshell
...)shell); #endif -------------- next part -------------- #!/usr/bin/perl # Changes root to APPROOT as current user and runs given command or bash # -Don Mahurin my(@command) = @ARGV; if(@command) { if ($command[0] =~ m:^-:) { unshift(@command,"bash") } # assume shell args @command = untaint(@command); } else { @command = ( "bash" ); } exit(1) unless(open(FILE, "/etc/rbusd/APPROOT")); my($rdir) = <FILE>; chomp($rdir); close(FILE); if($rdir =~ m:^(/mnt.*)$:) { $rdir = $1 } else { die "bad dir: $rdir"; } chdir($rdir) || die "can't chdir:...
2009 Jan 22
8
[PATCH 2/2] Enhance MTRR/PAT virtualization for EPT & VT-d enabled both
The patch attached is to set effective memory type for EPT according to the VT-d snoop control capability, and also includes some cleanups for EPT & VT-d both enabled. Signed-off-by: Zhai, Edwin Edwin.Zhai@intel.com Signed-off-by: Xin, Xiaohui xiaohui.xin@intel.com
2010 Jun 25
1
Compromised servers, SSH keys, and replay attacks
...om the filesystem anyway. And I presume it could capture traffic to/from the virtual terminal. Is there any way for an attacker to replay authentication to a third machine, accessed via the compromised machine using ssh-agent ? If a user connects to a compromised machine using keys, but from an untainted client, do they need to change their keys or passphrase ? (I presume, in principle, that an attacker could steal private user keys and machine keys from a rooted server, then subvert the DNS and entice users to login to their own server instead. Though I'm not sure why they'd want to...
2006 Jul 24
2
Flash problem with RoR? missed something?
I have tried to put a flash movie inside of my RoR page and it shows up with nothing on IEPC. It does very well on every other type of browser but does not work with IEPC. I made a folder - "flash" in my public directory and have had the one instance of it point there. Thus my flash directory is www.rails-app.com/flash/flash.swf Is there anything that anyone knows to help out?
2006 Apr 26
0
Validation of params
...inking of the relations as has_many to ensure foreign keys are valid. But separate from this I think any received data should be validated before being touched at all. It may be used in many other ways. I can see data in params is marked as tainted. I am thinking one way is to validate data and untaint it and then run with an increased $SAFE level. But I would really like to ensure that I don't forget validating any parameters even if only used for "safe" operations. Is there any better way than putting validated parameters in a separate hash? Maybe deleting all tainted param...
2006 Mar 12
2
Find all the methods on a object in an irb session?
How can I find all the methods on an object from within irb? Thanks, Joe
2007 Jun 22
1
[Bug 1245] Add support for Darwin CCAPI
http://bugzilla.mindrot.org/show_bug.cgi?id=1245 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #2 from Damien Miller <djm at mindrot.org> 2007-06-22 15:34:00 --- Do the
2003 Dec 30
1
3.0.1/Solaris 9 - smbldap & dots in usernames
Hi All, Is it possible to vampire across dots in usernames? I got over 1000 accounts with dots in them eg. <firstname>.<lastname> The smbldap-tools (version 0.8.2) don't seem to like adding users and groups with dots in them. Any help much appreciated. Darren
2008 Apr 29
0
get_text with safe_erb on Rails 2
After patching safe_erb to work with rails 2, I am now getting conflicts with get_text. When get_text gets a translated value, I receive the tainted exception. Has anyone come across this before and if so, where do I monkey patch to insert the untaint() method.. :) If no responses, I will eventually post my solution.. Thanks in advance ilan
2013 Jan 14
0
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
...ore that. I have been doing release engineering for about 1.5 decades now. One of the things you DO NOT do is replace a tarball. Machines get compromised. Good distributions get replaced with tainted versions. One of the few ways the rest of the world has some assurance that they are getting an untainted version is that what you get now is what you got when the product was first released. One of the ways a site learns that it has been compromised is tarballs changing. Yes, the replaced tarball is signed with your signature but I don't know you from a bar of soap. I don't know what your...
2013 Jan 17
0
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
...en doing release engineering > for about 1.5 decades now. One of the things you DO NOT do is > replace a tarball. Machines get compromised. Good distributions > get replaced with tainted versions. One of the few ways the rest > of the world has some assurance that they are getting an untainted > version is that what you get now is what you got when the product > was first released. One of the ways a site learns that it has been > compromised is tarballs changing. Seems like a sad situation that will only get worse. > > Yes, the replaced tarball is signed with your sig...
2008 Aug 25
1
acts_as_state_machine: SecurityError calling insecure method
(also posted on rails forum: http://railsforum.com/viewtopic.php?id=21744, then I discovered this list and there are many more people...) Hi, since yesterday I suddenly receive lots of such messages in my logfiles - and everything in the user model that uses that plugin fails! My deployed Rails code hasn't changed in 5 days, and those errors started to appear only a day ago.
2011 Dec 12
1
v2.1.rc1 managesieve TLS
Hi, TLS on imap port 143 works. But if I try TLS on managesieve port 4190, I get no connection. Dec 12 21:16:10 managesieve-login: Info: Disconnected (no auth attempts in 5 secs): rip=192.168.10.117, lip=192.168.10.117, secured Dec 12 21:16:20 managesieve-login: Info: Disconnected (no auth attempts in 5 secs): rip=192.168.10.117, lip=192.168.10.117, TLS handshaking: Disconnected # gnutls-cli
2013 Sep 26
29
[Bug 69827] New: Uneven, jerky mouse movement, increasing CPU usage
https://bugs.freedesktop.org/show_bug.cgi?id=69827 Priority: medium Bug ID: 69827 Assignee: nouveau at lists.freedesktop.org Summary: Uneven, jerky mouse movement, increasing CPU usage QA Contact: xorg-team at lists.x.org Severity: normal Classification: Unclassified OS: Linux (All) Reporter: jimoe at
2006 Jul 05
2
Serialized object behaves weird
Hi! I got a class named EinsatzFilter which I serialized to session. Before saving to session it works; afterwards I keep getting the message: "undefined method `to_s' for #<Person:0x38c6ab8>". "Person" is a class inherited from ActiveRecord::Base. Code: class EinsatzFilter include ApplicationHelper attr_reader :personen, :monat, :projekte, :kunde
2006 Jun 30
6
RSS::Parser Documentation
Hi I am trying to use the RSS classes from "rss/2.0" and everything works but I want to know what attributes and properties I can get at from each of the classes I am getting back. For example, the class has a "channel" which I can tell has a "title" attribute (because it works when I query it :) but I would really like a list of every attribute that is