search for: uphoff

...also been the author of the numerous "Linux Security FAQ Updates" and has contributed to a number of other (e.g. CERT, AUSCERT) advisories. I''m still hanging on "in the background" as both lists'' administrator for the time being, however. - --Up. - -- Jeff Uphoff - systems/network admin. | juphoff@nrao.edu National Radio Astronomy Observatory | juphoff@bofh.org.uk Charlottesville, VA, USA | jeff.uphoff@linux.org PGP key available at: http://www.cv.nrao.edu/~juphoff/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Ma...

...andom-seed count=1 Looks like a partial (and thus incorrect) modification was done to Ted''s instructions when putting together the initscripts. This means that /dev/urandom is not being re-seeded at boot as expected. If you depend on /dev/*random, the impact is obvious. --Up. -- Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu National Radio Astronomy Observatory | juphoff@bofh.org.uk Charlottesville, VA, USA | jeff.uphoff@linux.org PGP key available at: http://www.cv.nrao.edu/~juphoff/ From mail@mail.redhat.com redhat.com (l...

amd from the amd-920824upl102-6.i386.rpm file distributed with RedHat Linux 4.1 does not honor the nodev option for NFS filesystems and probably other mount types, allowing any user access to the device files in /dev on a system, provided that they have root access to another linux box on the network. In addition, the default amd.conf from RH 4.1 maps /net/* to NFS mounting, which makes the bug in

Hi all, I believe that this behavior is caused by the ``intr'' (-i) option to mount_nfs(8). As noted by Stephan Uphoff in PR/79700, he does not recommend use intr option. After remove the option, the dd works well. Sorry for the noisy :-) However, I think some warnings can be added to mount_nfs(8) about the usage of intr and its consequence. So this won't be happened again. Regards, Rong-En Fan

I think this is an issue of serious interest to many of the subscribers of these lists; it would effectively ban a lot of security-related tools that many of use now find indispensable, e.g. ssh, pgp. ------- Start of forwarded message ------- Date: 21 Mar 1997 10:11:57 GMT From: rja14@cl.cam.ac.uk (Ross Anderson) Approved: R.E.Wolff@BitWizard.nl Subject: DTI proposals on key escrow The British

...11.msync Security Advisory The FreeBSD Project Topic: buffer cache invalidation implementation issues Category: core Module: sys Announced: 2004-05-26 Credits: Stephan Uphoff <ups@tree.com> Matt Dillon <dillon@apollo.backplane.com> Affects: All FreeBSD versions prior to the correction date Corrected: 2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE) 2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)...

...11.msync Security Advisory The FreeBSD Project Topic: buffer cache invalidation implementation issues Category: core Module: sys Announced: 2004-05-26 Credits: Stephan Uphoff <ups@tree.com> Matt Dillon <dillon@apollo.backplane.com> Affects: All FreeBSD versions prior to the correction date Corrected: 2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE) 2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)...

I''m looking for some evidence, backup up with dates and references, that shows that the Linux community responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something

[mod: Forwarded by Jeff Uphoff. I tried to mangle the headers that it appears as the original post: with an invalid return address. -- REW] A few months back, a very alpha version of bliss got posted. That shouldn''t have happened, but, it was pretty much ignored so I didn''t worry about it. But now it seems the...

------- start of forwarded message (RFC 934 encapsulation) ------- From: kevingeo@CRUZIO.COM Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> To: BUGTRAQ@NETSPACE.ORG Subject: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files Date: Wed, 25 Feb 1998 05:49:58 -0500 Reply-To: kevingeo@CRUZIO.COM Vulnerable: Everyone who followed the installation instructions and made Quake2

Hello - I am using glmnet to generate a model for multiple cohorts i. For each i, I run 5 separate models, each with a different x variable. I want to compare the fit statistic for each i and x combination. When I use auc, the output is in some cases is < .5 (.49). In addition, if I compare mean MSE (with upper and lower bounds) ... there is no difference across my various x variables, but

------- start of forwarded message (RFC 934 encapsulation) ------- From: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Approved: alex@bach.cis.temple.edu Sender: Bugtraq List <BUGTRAQ@netspace.org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org> Subject: Buffer overflow in Linux''s login program Date: Sun, 22 Dec 1996 09:27:24 -0600 Reply-To: Joe Zbiciak

[mod: The first message would''ve been rejected on the grounds "no security related information", but it gives ME a warm feeling too, so I''m allowing it to piggyback on the announcement of the "fix". Note that Linux-2.1.63 simply implements a fix for the problem, instead of applying this fix, upgrading to 2.1.63 might be an option for you. Linus indicated that