Displaying 20 results from an estimated 1120 matches for "untrusted".
2018 Jun 29
2
is "map untrusted to domain" possible?
hi:
at RHEL 7.4 we had used "map untrusted to domain = yes". so users
can login with "username" instead of "sam-dom\username".
after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7.
now "map untrusted to domain = yes" or "map untrusted to domain =
auto" are not working.
can we...
2011 Nov 05
2
winbind map untrusted domain problem
Hi
I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter.
I use samba 3.6.0 on
FreeBSD 8.2 with the following configuration:
[global]
encrypt passwords = yes
map untrusted to domain = yes
allow trusted domains = yes
client ntlmv2 auth = yes
client use spnego = yes
client lanman auth = yes
client
plaintex...
2018 Apr 27
4
[PATCH] allow indefinite ForwardX11Timeout by setting it to 0
This change allows use of untrusted X11 forwarding (which is more
secure) without
requiring users to choose a finite timeout after which to refuse new
connections.
This matches the semantics of the X11 security extension itself, which
also treat a
validity timeout of 0 on an authentication cookie as indefinite.
Signed-off-by: Tr...
2018 Jun 29
3
is "map untrusted to domain" possible?
2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Fri, 29 Jun 2018 12:56:33 +0800
> d tbsky via samba <samba at lists.samba.org> wrote:
>
>> hi:
>>
>> at RHEL 7.4 we had used "map untrusted to domain = yes". so users
>> can login with "username" instead of "sam-dom\username".
>>
>> after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7.
>> now "map untrusted to domain = yes" or "map untrusted to domain =
>...
2010 May 29
1
"untrusted version" warnings
For awhile, at least a week and probably more, aptitude has been
complaining that R packages are untrusted. I'm using the amd64
architecture. The packages are r-cran-{cluster,mass,zoo,matrix,digest}.
There have been a couple of recent threads that seem related, but I'm
having trouble interpreting them or their relevance.
i386 is apparently unsigned, but I'm on amd64.
There is some corrup...
2002 Feb 12
0
[Bug 111] New: sshd syslogs raw untrusted data
http://bugzilla.mindrot.org/show_bug.cgi?id=111
Summary: sshd syslogs raw untrusted data
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy...
2008 Feb 26
2
bash - safely pass untrusted strings?
In bash, given a string assignment as follows, how do I "add slashes"
automagically, so that it can be safely passed to another program? Notice
that the assignment contains spaces, single-quotes and double-quotes, maybe
god-only-knows-what-else. It's untrusted data.
Yet I need to pass it all *safely*.
The appropriate function in PHP is addslashes(); but what is the bash
equivalent? EG:
#! /bin/sh
A="This isn't a \"parameter\"";
B=`/path/to/somecommand.sh $A`;
exit 0;
Thanks,
-Ben
--
Only those who reach toward a go...
2009 Feb 08
0
[OpenSSH_5.1] Untrusted X11 forwarding (ssh -X) no longer works?
...nSSL 0.9.8j 07 Jan 2009
$ ssh -vvv -X example.com
[ Relevant debug info: ]
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
[OpenSSH_5.1, OpenSSL 0.9.7j 04 May 2006]
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
/tmp/ssh-TLLOFKxvay/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1
untrusted timeout 1200 2>/dev/null
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
$ xeyes
$...
2020 Apr 29
3
[PATCH 5/5] virtio: Add bounce DMA ops
...Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote:
> That would still not work I think where swiotlb is used for pass-thr devices
> (when private memory is fine) as well as virtio devices (when shared memory is
> required).
So that is a separate question. When there are multiple untrusted
devices, at the moment it looks like a single bounce buffer is used.
Which to me seems like a security problem, I think we should protect
untrusted devices from each other.
> --
> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
> of Code Aurora Forum, hoste...
2020 Apr 29
3
[PATCH 5/5] virtio: Add bounce DMA ops
...Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote:
> That would still not work I think where swiotlb is used for pass-thr devices
> (when private memory is fine) as well as virtio devices (when shared memory is
> required).
So that is a separate question. When there are multiple untrusted
devices, at the moment it looks like a single bounce buffer is used.
Which to me seems like a security problem, I think we should protect
untrusted devices from each other.
> --
> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
> of Code Aurora Forum, hoste...
2020 Apr 24
3
[PATCH] Allow RDTSC and RDTSCP from userspace
...;
>> Do SEV-ES guests _always_ #VC on rdtsc(p)?
>
> Only if the hypervisor is intercepting those instructions.
Ahh, so any instruction that can have an instruction intercept set
potentially needs to be able to tolerate a #VC? Those instruction
intercepts are under the control of the (untrusted relative to the
guest) hypervisor, right?
>From the main sev-es series:
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+idtentry vmm_communication do_vmm_communication has_error_code=1
+#endif
Since this is set as non-paranoid, that both limits the instructions
that can be used in entry paths *and* li...
2020 Apr 24
3
[PATCH] Allow RDTSC and RDTSCP from userspace
...;
>> Do SEV-ES guests _always_ #VC on rdtsc(p)?
>
> Only if the hypervisor is intercepting those instructions.
Ahh, so any instruction that can have an instruction intercept set
potentially needs to be able to tolerate a #VC? Those instruction
intercepts are under the control of the (untrusted relative to the
guest) hypervisor, right?
>From the main sev-es series:
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+idtentry vmm_communication do_vmm_communication has_error_code=1
+#endif
Since this is set as non-paranoid, that both limits the instructions
that can be used in entry paths *and* li...
2020 Jun 04
0
Is Samba 4.9 and "map untrusted to domain" possible anymore?
...t;Samba"-domain.
>
> Workstations and users log on to the windows domain "AD".
>
> Previously users mapped their homedrive from the NT4-domain "Samba",
> running samba 3.6 + OpenLDAP. In order for this to go smoothly we
> where using the option "map untrusted to domain = yes" so the users
> from the "AD"-domain where able to map their drives from the "Samba"
> domain without entering their passwords.
>
> Now we would like the users in the Windows domain "AD" to map their
> homedrive from a fileserver...
2004 Apr 21
0
[Bug 849] Document or fix untrusted X11 authority timeout
http://bugzilla.mindrot.org/show_bug.cgi?id=849
Summary: Document or fix untrusted X11 authority timeout
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy...
2002 Dec 11
1
Untrusted Cookies
How can I get ssh to use
"untrusted" cookies (see xauth(1), X11-SECURITY-Extension)
with forwarded X clients?
Cheers.
Aurelio.
2003 Apr 07
0
Access to a server using multiple netbios names and include files
We have a file server, solaris 2.8 running SAMBA 2.2.8, that has two
netbios names and we have an include file for smb.conf for each.
We have some machines that are trusted and some that are not. Trusted
means standardized windows install, users don't have root, untrusted
means not necessarily standard install, users do have root. The trusted
machines are defined in an NIS netgroup. The untrusted machines are in
a different NIS netgroup.
The basic hostname/netbios alias shares directories to machines that are
trusted, but not to an untrusted group of machines...
2013 Apr 02
1
Untrusted domains with security=ads
...ity = domain:
# wbinfo -a uni-ruse\\dstoykov%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
# wbinfo -a fgdgdgd\\dstoykov%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
"map untrusted to domain" solves the same problem for smbd, but doesn't
seem to affect ntlm_auth.
[global]
workgroup = UNI-RUSE
realm = UNI-RUSE.BG
server string =
security = ADS
load printers = No
printcap name = /dev/null
disable spoolss...
2019 Jun 04
2
ADS security mode - authenticating non-domain Linux users
...If I go and get Kerberos tickets for the problem clients (using kinit
and friends against the domain controller), mount.cifs with sec=krb5i
works. But we cannot get sec=ntlmsspi to work. This was working on an
older server (CentOS 6.10, Samba 3.6.23), and I think the key is that
the "map untrusted to domain" option was deprecated and eventually
removed in Samba 4.8. Otherwise, the configurations between the older
and newer server are identical.
For non-domain joined clients without Kerberos tickets , I'm guessing
that "map untrusted to domain" was allowing the Samba se...
2018 Aug 06
1
Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = auto
----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "samba" <samba at lists.samba.org>
> Sent: Tuesday, July 17, 2018 2:29:59 PM
> Subject: Re: [Samba] Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain =
> auto
> On Tue, 17 Jul 2018 13:53:41 -0500 (CDT)
> Andrew Martin <amartin at xes-inc.com> wrote:
>
>> ----- Original Message -----
>> > From: "samba" <samba at lists.samba.org>
>> > To: "samba" <samba at lists.sam...
2004 Feb 28
4
[Bug 803] Security Bug: X11 Forwarding is more powerful than it needs to be.
...#39;import'
Time for a change isn't it? :)
I am able to implement Alan Cox's suggestion with 3 lines in a shell:
--- 8< ---
# transfer 'trusted' cookie to new file:
xauth extract - $DISPLAY | xauth -f $HOME/.sshXauthority merge -
# replace 'trusted' cookie with 'untrusted' cookie
xauth -f .sshXauthority generate $DISPLAY . untrusted
# tell applications where to get the untrusted cookie
export XAUTHORITY=$HOME/.sshXauthority
--- >8 ---
An attacker on the remote host is no more able to
log keystrokes, taking screenshots or do remote control stuff.
So please...