Displaying 20 results from an estimated 200 matches similar to: "sandbox pre-auth privsep child"
2011 Jun 23
1
sandbox for OS X
Hi,
The systrace and rlimit sandboxes have been committed and will be in
snapshots dated 20110623 and later. This diff adds support for
pre-auth privsep sandboxing using the OS X sandbox_init(3) service.
It's a bit disappointing that the OS X developers chose such as
namespace-polluting header and function names "sandbox.h",
"sandbox_init()", etc. It already forced me to
2012 Jul 02
1
rlimit sandbox on cygwin
Hi all.
I have an old windows VM with an oldish cygwin that I use for the
regression tests. Investigating one of the test failures, I see that
it's for UsePrivilegeSeparation=sandbox, and it seems to be because
setrlimit(RLIMIT_FSIZE, ...) is not supported.
IMO, this isn't a big loss, since the most useful thing in the rlimit
"sandbox" is the descriptor limits. Can anyone see
2012 Dec 21
0
File Attachments for previous bug report
I have renamed all of the patch files to .txt, which should be acceptable
for the mailer daemon at mindrot, per Angel's suggestion.
I am attaching the patch files to the email, with the extra space removed
and a minor correction made.
Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
--- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800
+++ port-linux.c
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
Hello All,
In reviewing source code for OpenSSH-6.1p1, I found instances
of deprecated library calls still within various source code files.
Examples of deprecated calls are: bzero() (replaced with memset()
which is ANSI compliant), index() (replaced with strchr() which
is also ANSI compliant).
In file 'auth2-jpake.c', I've replaced all the bzero() calls with
the equivalent
2017 Sep 22
2
Call for testing: OpenSSH 7.6
On Thu, Sep 21, 2017 at 02:22:10AM -0500, Zev Weiss wrote:
> test_kex: regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate"
> ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed:
> sshkey_generate(keytype, bits, &private) = -56
That error code is:
$ grep -- -56 ssherr.h
#define SSH_ERR_KEY_LENGTH -56
Unfortunately there's lots of
2003 Nov 12
0
smbmount patch
Hi there!
Samba-2.2.8a
There is possible deadlock in smbmount (smbmount.c) when parent process forking.
Maybe this is a Linux-only bug (2.4 and 2.6 shows the same). But this is enough to
apply my patch (or make other proper thing[s]).
Explaining:
Smbmount need to be a daemon to serve the mountpoint.
Parent make [sys_]fork() to create this young daemon.
After sys_fork() children go ahead and
2004 Jan 01
1
[PATCH] Add winbind-backed NTLMSSP support to Cyrus-SASL
Windows authentication extends far beyond the CIFS protocol the Samba
implements, but it only very recently that work has been done to catch
up to Microsoft's extensions in this area. This has caused many
administrators pain and toil that their MS counterparts simply don't
have. For them, authentication 'just works', with single-sign-on and
the lot.
I have worked, for over a
2006 Apr 05
23
DTrace as a security tool / http://systrace.org
I''d like to see if we can use DTrace to as the kernel implementation of
the BSD systrace security policy system (http://www.systrace.org). I
don''t really want to port systrace to Solaris because I think with
DTrace we already have all the necessary in kernel hooks to do this.
With systrace you express things like: "httpd can bind to port 80 but
not any other port, it
2006 Jun 03
1
man pages for each providers ?
Hey,
Do you guys think that is a good idea to have a manual page for each provider with a complete description of what probes are offered ? Found some already under 7D category:
dtrace dtrace (7d) - DTrace dynamic tracing facility
fasttrap fasttrap (7d) - DTrace user instruction tracing provider
fbt fbt (7d) - DTrace function boundary tracing provider
2001 Apr 04
1
compiler warnings about format strings
Is anyone bothered by the compiler warnings that indicate that the
format strings don't match the associated variables? I was, so I cast
most of the objectionable args (pids, uids, gids) to "long", and added
an "l" (el) to the format string. A single item was cast to an int.
Here's the patch. If you haven't applied my UseLogin patch, the line
numbers in
2011 Apr 13
4
AGI and forking
Hi. I just want to make sure I understand this before doing something that
might break things spectacularly for our users and customers :)
We are using Asterisk 1.6.2.9 and my programming language of choice is Perl.
I want, when a call comes in on someone's DDI number (which the person who
dialled it can only possibly have obtained by dialling 1471 after we called
them), to be able to
2003 Jul 25
3
systrace for FreeBSD 5.1
I'm porting the most recent version of Neil Provos' systrace to FreeBSD 5.1.
I'm sending him the diffs to integrate into his distribution. I'd also like
to submit them to someone with FreeBSD for consideration, and hopefully
inclusion as a port or whatever you prefer.
Who could I send them to, or what would you prefer me to do with regard to
FreeBSD?
Thanks,
Rich Murphey
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks
OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun''s
Dtrace might be vulnerable." I don''t think it is. Comments?
Exploiting Concurrency Vulnerabilities in System Call Wrappers
http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf
Abstract
2005 Aug 23
0
Duplication in dtrace''s forceload entries in /etc/system
Hi,
If you have a custom kernel (and therefore have duplicates of
everything in /kernel in your custom kernel) and have noticed that when
you try to use anonymous tracing, dtrace adds multiple copies of the
forceload directives to /etc/system, e.g.:
* vvvv Added by DTrace
*
* The following forceload directives were added by dtrace(1M) to allow for
* tracing during boot. If these
1999 Jan 24
1
HPUX 9.05 & Samba 2.0.0 & problems -> solved !
Hi there !
I just solved the problem that produced following error in smb.log file:
'check_access_allowed_for_current_user: The process is no longer waiting!'
Since nobody gave me any help I had to dig this out myself :-)
This error happens if two programs hold more than 10 same files
simultaneously open through Samba and
check_access_allowed_for_current_user() gets called. And this
2011 Aug 14
10
Call for testing: OpenSSH-5.9
Hi,
OpenSSH 5.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains a
couple of new features and changes and bug fixes. Testing of the new
sandboxed privilege separation mode (see below) would be particularly
appreciated.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
I have a number of systems running solaris10 and i see the package and binary for dtrace installed however whenever we try to run anything we get this error
dtrace: failed to initialize dtrace: DTrace device not available on system
the only system in which i dont have this error is the development server that has the full solaris 10 install while others are minimized, do i need additional
2004 Jul 29
2
Samba 3.0.x and high processor utilication caused by /etc/passwd access
Hello together,
since upgrading on samba 3.0.x (issue happens with all 3.0. release) the
cpu-load on my samba PDC ist constantly near 100%. The cpu power ist
consumed by all running smb-processes. Systrace shows me that the smb
processes tried to access to /etc/passwd on a permanent basis. My question
is: Why tries samba to access etc/passwd so often and produces this high
cpu-load?
Regards,