similar to: [PATCH] Use a control socket directory to restrict access

There are at least three cases: * Linux: check credentials and pid from client; restrict permissions from server * BSD: check credentials only from client; restrict permissions from server * Solaris: wide open --- configure.in | 4 ++-- src/control.c | 11 ++++++++++- src/control_common.h | 1 + src/tincctl.c | 38 ++++++++++++++++++++++++++++++++++---- 4

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case

We have been fighting with intermittent connections here and have noticed that tinc seems to use up its supply of file descriptors. After a whole bunch of Nov 8 03:51:23 tserver tinc.calgary[23909]: Could not set up a meta connection. Nov 8 03:51:23 tserver tinc.calgary[23909]: Still failed to connect to other. Will retry Nov 8 03:51:33 tserver tinc.calgary[23909]: 10.38.9.1:8193: Connection

I wrote this little program to deal with the situation where there are a number of workgroups on a number of subnets with no WINS server [actually I couldn't get this configuration to run with a WINS server - but that's another story] You run this program on machines bridging your subnets and it listens for netbios nameserver packets and forwards them. [Broadcast packets are sent on to

All, I see the following message fairly frequently in our nsd.log files: error: failed reading from tcp: Connection reset by peer A quick grep through the source code reveals that this log message comes from server.c, and can come pretty much at any time during a TCP query. Since: - This condition occurs during normal operation, and - There is nothing a server operator can do about it. I

Currently, we leave the group ID alone, but now that we're looking at KRB5CCNAME, we need to be a little more careful with credentials. After we get the uid, do a getpwuid and grab the default gid for the user. Then use setgid to set it before calling setuid. Signed-off-by: Jeff Layton <jlayton at samba.org> --- cifs.upcall.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed,

Hello all, Tested on linux 2.6.18 (Centos5) and FreeBSD 7.0. You would execute it like below (which basically makes tftp reply back with same port is listening on ) tftpd --port-range 69:69 -4 -s /tftpboot/ --- tftp-hpa-0.49/tftpd/tftpd.c 2008-10-21 01:08:31.000000000 +0300 +++ tftp-hpa-0.49-tftpd-reuseport.c 2010-03-03 15:19:26.000000000 +0200 @@ -524,6 +524,11 @@ #ifndef __CYGWIN__

The attached modification to log-server.c add a "tag" to all the syslog output. The tag is a composite of the internal verbose level names used in sshd and the external syslogd names. The form of the tag is as follows. ssh_internal_name(syslog_priority) This might be instructive for a learning sysadmin trying to setup syslog for sshd logging. (I have posted earlier about

Earlier this year, I added a patch to my local NUT tree to additionally print the value of usb_strerror() if usb_clear_halt() failed. (Ignore the commented-out goto.) Since these messages are at the LOG_ERR level, should we add usb_strerror() to all of the calls in nut_usb.c? diff --git a/drivers/nut_usb.c b/drivers/nut_usb.c index 494a1fa..4ca2691 100644 --- a/drivers/nut_usb.c +++

The default path is /var/run/tftpd-hpa.pid, which can be overridden by the newly introduced -P option. On normal termination (SIGTERM or SIGINT) the pid file is automatically removed. Moved setting the umask later, right before entering the select loop, so that it does not affect the permissions of the pid file. Signed-off-by: Ferenc Wagner <wferi at niif.hu> --- tftpd/tftpd.c | 38

The tripplite driver was developed on a machine with a reliable serial connection, and inherited the assumption that the serial line connection would not drop, reorder, or fail character read and writes. This patch adds significantly improved failure mode handling and also does basic checks of data validity. There's also a few minor cleanups/beautification. I've tested this code on my

Hi, They say one should never argue with people that know more than you, so please bear with me. On 2013/10/24 09:47 PM, hyouko at gmail.com wrote: > The driver is expecting either 'ACK' or no reply at all in case of > success and the command itself echoed back in case of errors. > On the other hand, your UPS replies '(ACK' in case of success and > '(NAK' on

Hello, I did a quick change to the patched port of poppassd and am wondering if you think my code would introduce any potential problems. The idea is right after we check if the username exists, also check if the UID of that username is over 1000. I wanted to make sure that no one monkeys around with priveleged users once poppassd is running. So, the middle chunk of code is mine, everything

The following code is a first attempt at a simple but flexible suid wrapper which checks argv[] and environment. It might introduce new security holes or have other bugs; using 1 as a general failure exit value may be the wrong thing to do. The wrapper reads a configuration file named /etc/wrapper.cfg; see the comments in wrapper.c for the file''s format. Flame, comment, or use at will.

From: K. Y. Srinivasan <ksrinivasan at novell.com> Subject: An implementation of key/value pair feature (KVP) for Linux on HyperV. Signed-off-by: K. Y. Srinivasan <ksrinivasan at novell.com> Index: linux.trees.git/drivers/staging/hv/tools/hv_kvp_daemon.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++

From: K. Y. Srinivasan <ksrinivasan at novell.com> Subject: An implementation of key/value pair feature (KVP) for Linux on HyperV. Signed-off-by: K. Y. Srinivasan <ksrinivasan at novell.com> Index: linux.trees.git/drivers/staging/hv/tools/hv_kvp_daemon.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++

This daemon gathers all the guest specific information needed to support = the HyperV KVP functionality. This daemon communicates with the kernel component via a netlink channel. Signed-off-by: ksrinivasan <ksrinivasan at novell.com> --- drivers/staging/hv/tools/hv_kvp_daemon.c | 470 ++++++++++++++++++++++++++= ++++ 1 files changed, 470 insertions(+), 0 deletions(-) create mode 100644

This daemon gathers all the guest specific information needed to support = the HyperV KVP functionality. This daemon communicates with the kernel component via a netlink channel. Signed-off-by: ksrinivasan <ksrinivasan at novell.com> --- drivers/staging/hv/tools/hv_kvp_daemon.c | 470 ++++++++++++++++++++++++++= ++++ 1 files changed, 470 insertions(+), 0 deletions(-) create mode 100644

All guest specific data gathering is implemented in a user-mode daemon. The kernel component of KVP passes the "key" to this daemon and the daemon is responsible for passing back the corresponding value. This daemon communicates with the kernel component via a netlink channel. Signed-off-by: K. Y. Srinivasan <ksrinivasan at novell.com> --- drivers/staging/hv/tools/hv_kvp_daemon.c

All guest specific data gathering is implemented in a user-mode daemon. The kernel component of KVP passes the "key" to this daemon and the daemon is responsible for passing back the corresponding value. This daemon communicates with the kernel component via a netlink channel. Signed-off-by: K. Y. Srinivasan <ksrinivasan at novell.com> --- drivers/staging/hv/tools/hv_kvp_daemon.c