search for: untrusted

Displaying 20 results from an estimated 1120 matches for "untrusted".

2018 Jun 29
2
is "map untrusted to domain" possible?
hi: at RHEL 7.4 we had used "map untrusted to domain = yes". so users can login with "username" instead of "sam-dom\username". after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. now "map untrusted to domain = yes" or "map untrusted to domain = auto" are not working. can we...
2011 Nov 05
2
winbind map untrusted domain problem
Hi I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter. I use samba 3.6.0 on FreeBSD 8.2 with the following configuration: [global] encrypt passwords = yes map untrusted to domain = yes allow trusted domains = yes client ntlmv2 auth = yes client use spnego = yes client lanman auth = yes client plaintex...
2018 Apr 27
4
[PATCH] allow indefinite ForwardX11Timeout by setting it to 0
This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Tr...
2018 Jun 29
3
is "map untrusted to domain" possible?
2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>: > On Fri, 29 Jun 2018 12:56:33 +0800 > d tbsky via samba <samba at lists.samba.org> wrote: > >> hi: >> >> at RHEL 7.4 we had used "map untrusted to domain = yes". so users >> can login with "username" instead of "sam-dom\username". >> >> after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. >> now "map untrusted to domain = yes" or "map untrusted to domain = >...
2010 May 29
1
"untrusted version" warnings
For awhile, at least a week and probably more, aptitude has been complaining that R packages are untrusted. I'm using the amd64 architecture. The packages are r-cran-{cluster,mass,zoo,matrix,digest}. There have been a couple of recent threads that seem related, but I'm having trouble interpreting them or their relevance. i386 is apparently unsigned, but I'm on amd64. There is some corrup...
2002 Feb 12
0
[Bug 111] New: sshd syslogs raw untrusted data
http://bugzilla.mindrot.org/show_bug.cgi?id=111 Summary: sshd syslogs raw untrusted data Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy...
2008 Feb 26
2
bash - safely pass untrusted strings?
In bash, given a string assignment as follows, how do I "add slashes" automagically, so that it can be safely passed to another program? Notice that the assignment contains spaces, single-quotes and double-quotes, maybe god-only-knows-what-else. It's untrusted data. Yet I need to pass it all *safely*. The appropriate function in PHP is addslashes(); but what is the bash equivalent? EG: #! /bin/sh A="This isn't a \"parameter\""; B=`/path/to/somecommand.sh $A`; exit 0; Thanks, -Ben -- Only those who reach toward a go...
2009 Feb 08
0
[OpenSSH_5.1] Untrusted X11 forwarding (ssh -X) no longer works?
...nSSL 0.9.8j 07 Jan 2009 $ ssh -vvv -X example.com [ Relevant debug info: ] debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 [OpenSSH_5.1, OpenSSL 0.9.7j 04 May 2006] debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-TLLOFKxvay/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null Warning: untrusted X11 forwarding setup failed: xauth key data not generated Warning: No xauth data; using fake authentication data for X11 forwarding. debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req confirm 0 $ xeyes $...
2020 Apr 29
3
[PATCH 5/5] virtio: Add bounce DMA ops
...Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > That would still not work I think where swiotlb is used for pass-thr devices > (when private memory is fine) as well as virtio devices (when shared memory is > required). So that is a separate question. When there are multiple untrusted devices, at the moment it looks like a single bounce buffer is used. Which to me seems like a security problem, I think we should protect untrusted devices from each other. > -- > QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member > of Code Aurora Forum, hoste...
2020 Apr 29
3
[PATCH 5/5] virtio: Add bounce DMA ops
...Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > That would still not work I think where swiotlb is used for pass-thr devices > (when private memory is fine) as well as virtio devices (when shared memory is > required). So that is a separate question. When there are multiple untrusted devices, at the moment it looks like a single bounce buffer is used. Which to me seems like a security problem, I think we should protect untrusted devices from each other. > -- > QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member > of Code Aurora Forum, hoste...
2020 Apr 24
3
[PATCH] Allow RDTSC and RDTSCP from userspace
...; >> Do SEV-ES guests _always_ #VC on rdtsc(p)? > > Only if the hypervisor is intercepting those instructions. Ahh, so any instruction that can have an instruction intercept set potentially needs to be able to tolerate a #VC? Those instruction intercepts are under the control of the (untrusted relative to the guest) hypervisor, right? >From the main sev-es series: +#ifdef CONFIG_AMD_MEM_ENCRYPT +idtentry vmm_communication do_vmm_communication has_error_code=1 +#endif Since this is set as non-paranoid, that both limits the instructions that can be used in entry paths *and* li...
2020 Apr 24
3
[PATCH] Allow RDTSC and RDTSCP from userspace
...; >> Do SEV-ES guests _always_ #VC on rdtsc(p)? > > Only if the hypervisor is intercepting those instructions. Ahh, so any instruction that can have an instruction intercept set potentially needs to be able to tolerate a #VC? Those instruction intercepts are under the control of the (untrusted relative to the guest) hypervisor, right? >From the main sev-es series: +#ifdef CONFIG_AMD_MEM_ENCRYPT +idtentry vmm_communication do_vmm_communication has_error_code=1 +#endif Since this is set as non-paranoid, that both limits the instructions that can be used in entry paths *and* li...
2020 Jun 04
0
Is Samba 4.9 and "map untrusted to domain" possible anymore?
...t;Samba"-domain. > > Workstations and users log on to the windows domain "AD". > > Previously users mapped their homedrive from the NT4-domain "Samba", > running samba 3.6 + OpenLDAP. In order for this to go smoothly we > where using the option "map untrusted to domain = yes" so the users > from the "AD"-domain where able to map their drives from the "Samba" > domain without entering their passwords. > > Now we would like the users in the Windows domain "AD" to map their > homedrive from a fileserver...
2004 Apr 21
0
[Bug 849] Document or fix untrusted X11 authority timeout
http://bugzilla.mindrot.org/show_bug.cgi?id=849 Summary: Document or fix untrusted X11 authority timeout Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy...
2002 Dec 11
1
Untrusted Cookies
How can I get ssh to use "untrusted" cookies (see xauth(1), X11-SECURITY-Extension) with forwarded X clients? Cheers. Aurelio.
2003 Apr 07
0
Access to a server using multiple netbios names and include files
We have a file server, solaris 2.8 running SAMBA 2.2.8, that has two netbios names and we have an include file for smb.conf for each. We have some machines that are trusted and some that are not. Trusted means standardized windows install, users don't have root, untrusted means not necessarily standard install, users do have root. The trusted machines are defined in an NIS netgroup. The untrusted machines are in a different NIS netgroup. The basic hostname/netbios alias shares directories to machines that are trusted, but not to an untrusted group of machines...
2013 Apr 02
1
Untrusted domains with security=ads
...ity = domain: # wbinfo -a uni-ruse\\dstoykov%password plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -a fgdgdgd\\dstoykov%password plaintext password authentication succeeded challenge/response password authentication succeeded "map untrusted to domain" solves the same problem for smbd, but doesn't seem to affect ntlm_auth. [global] workgroup = UNI-RUSE realm = UNI-RUSE.BG server string = security = ADS load printers = No printcap name = /dev/null disable spoolss...
2019 Jun 04
2
ADS security mode - authenticating non-domain Linux users
...If I go and get Kerberos tickets for the problem clients (using kinit and friends against the domain controller), mount.cifs with sec=krb5i works. But we cannot get sec=ntlmsspi to work. This was working on an older server (CentOS 6.10, Samba 3.6.23), and I think the key is that the "map untrusted to domain" option was deprecated and eventually removed in Samba 4.8. Otherwise, the configurations between the older and newer server are identical. For non-domain joined clients without Kerberos tickets , I'm guessing that "map untrusted to domain" was allowing the Samba se...
2018 Aug 06
1
Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = auto
----- Original Message ----- > From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, July 17, 2018 2:29:59 PM > Subject: Re: [Samba] Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = > auto > On Tue, 17 Jul 2018 13:53:41 -0500 (CDT) > Andrew Martin <amartin at xes-inc.com> wrote: > >> ----- Original Message ----- >> > From: "samba" <samba at lists.samba.org> >> > To: "samba" <samba at lists.sam...
2004 Feb 28
4
[Bug 803] Security Bug: X11 Forwarding is more powerful than it needs to be.
...#39;import' Time for a change isn't it? :) I am able to implement Alan Cox's suggestion with 3 lines in a shell: --- 8< --- # transfer 'trusted' cookie to new file: xauth extract - $DISPLAY | xauth -f $HOME/.sshXauthority merge - # replace 'trusted' cookie with 'untrusted' cookie xauth -f .sshXauthority generate $DISPLAY . untrusted # tell applications where to get the untrusted cookie export XAUTHORITY=$HOME/.sshXauthority --- >8 --- An attacker on the remote host is no more able to log keystrokes, taking screenshots or do remote control stuff. So please...