Displaying 20 results from an estimated 800 matches similar to: "Is the server portion of freebsd-update open source?"
2005 Sep 22
7
Mounting filesystems with "noexec"
Hello,
I've been playing a bit with the "noexec" flag for filesystems. It
can represent a substantial obstacle against the exploitation of
security holes.
However, I think it's not perfect yet.
First thing, an attempt to execute a program from a noexec-mounted
filesystem should be logged. It is either a very significant security
event, or it can drive nuts an
2005 Sep 22
2
Tunnel-only SSH keys
Hello.
I once read somewhere that it's possible to limit SSH pubkeys to
'tunnel-only'. I can't seem to find any information about this
in any of the usual places.
I'm going to be deploying a few servers in a couple of days and
I'd like them to log to a central server over an SSH tunnel (using
syslog-ng) however I'd like to prevent actual logins (hence
2005 Nov 26
7
Reflections on Trusting Trust
or "How do I know my copy of FreeBSD is the same as yours?"
I have recently been meditating on the issue of validating X.509
root certificates. An obvious extension to that is validating
FreeBSD itself.
Under "The Cutting Edge", the handbook lists 3 methods of
synchronising your personal copy of FreeBSD with the Project's copy:
Anonymous CVS, CTM and CVSup. There are
2005 Oct 31
1
More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)
> Date: Sat, 29 Oct 2005 07:34:28 -0700
> From: Colin Percival <cperciva@freebsd.org>
> Subject: Re: Is the server portion of freebsd-update open source?
> To: markzero <mark@darklogik.org>
> Cc: freebsd-security@freebsd.org
> Message-ID: <43638874.2020004@freebsd.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> markzero wrote:
> > No this
2005 Apr 28
1
make installworld, permissions and labels
Just a quick question,
My system is quite heavily customised with regard to permissions
and MAC labels on system binaries. Is there any way to stop
make installworld resetting all my customisation? At the moment
I have a set of scripts to set permissions on everything but that's
not exactly ideal.
Mark
--
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F
2005 Jul 21
7
FW: Adding OpenBSD sudo to the FreeBSD base system?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I really do not agree with adding it to the base system.
Just because you guys use sudo does not mean other people do.
In fact many people do not have a use for sudo at all.
Not every one gives out root accounts. You are only adding another utility
In that can possibly be used to escalate privileges.
Every time I secure a system I spend some time
2005 Mar 05
2
Heads up: End of RELENG_4_8 support
At the end of March, the RELENG_4_8 (sometimes called 4.8-SECURITY)
branch will reach its designated End of Life and cease to be supported
by the FreeBSD Security Team.
Released in April 2003, FreeBSD 4.8 was the first release designated
for "extended" two-year security support instead of the normal one-year
support. Over this time, 27 security advisories have been issued which
have
2004 Oct 26
5
please test: Secure ports tree updating
CVSup is slow, insecure, and a memory hog. However, until now
it's been the only option for keeping an up-to-date ports tree,
and (thanks to all of the recent work on vuxml and portaudit)
it has become quite obvious that keeping an up-to-date ports
tree is very important.
To provide a secure, lightweight, and fast alternative to CVSup,
I've written portsnap. As the name suggests, this
2007 Oct 05
4
missing Advisory at ftp.freebsd.org
Hi,
I am missing the advisory for openssl at ftp://ftp.freebsd.org/CERT/
Background:
For long time i used the the quickpatch utility at my workstation to
notify me about issues and *how* to fix it.
With the web based advisory this is not possible since the .asc file
contains only the pgp signature (no more details).
Regards,
olli
2005 Jun 15
2
FreeBSD 5.4 SMP kernels now available via FreeBSD Update
It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite
popular, so I've started building an SMP kernel for FreeBSD 5.4 as
well, in addition to the usual GENERIC kernel. To take advantage
of this on your FreeBSD 5.4 SMP system, run the following commands
as root:
# touch /boot/kernel/SMP
# freebsd-update fetch
# freebsd-update install
# echo 'bootfile="SMP"'
2006 May 10
4
Freebsd-update and 6.1-RELEASE
Hi guys,
Does anybody know if freebsd-update is going to be available for
6.1-RELEASE before the end of Colin's "summer of FreeBSD work"?
I wouldn't like to bother Colin directly via e-mail, so if anyone
already asked for this or something....
Thanx, regards
--
Pietro Cerutti
<pietro.cerutti@gmail.com>
2003 Aug 24
3
EoL dates
Is there any reason why releases have EoL dates after only 12
months? While it's clear that some sort of EoL is important, I can't think
of any security advisories recently which weren't accompanied by patches
for all the security branches, even those which are no longer officially
supported.
Colin Percival
2006 Oct 10
3
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote:
> This report seems pretty vague. I'm unsure as to whether the alleged
> "bug" gives the user any more permissions than he'd already have? Anyone
> know any details?
This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
and RELENG_6. There is no opportunity for either remote denial of service
or any privilege escalation.
>
2014 Sep 22
2
[PATCH] drm/nv84+: fix fence context seqno's
This fixes a regression introduced by "drm/nouveau: rework to new fence interface"
(commit 29ba89b2371d466).
The fence sequence should not be reset after creation, the old value is used instead.
On destruction the final value is written, to prevent another source of accidental
wraparound in case of a channel being destroyed after a hang, and unblocking any other
channel that may wait on
2005 Mar 17
1
no patch, is there a problem
http://www.securityfocus.com/bid/12825/info/
no patch or anything, is there any action on this?
2006 Mar 28
5
Your RoR 1.1 Adoption Prediction?
What is the likelyhood that major inexpensive webhosts like godaddy,
bluehost, etc. will upgrade to RoR 1.1? Is this going to be like PHP 5
where it has to percolate for a year or more before it becomes widly
available? Your thoughts?
Along the same lines... is it possible to adopt some of the new improved
Ajax / javascript capabilities without actually upgrading the ruby
installation?
2003 Dec 10
1
cvs version 1.11.10 import? [security fix]
On a recent NetBSD commit I saw that they have imported cvs 1.11.10 as a
security fix yesterday:
http://mail-index.netbsd.org/source-changes/2003/12/10/0025.html
http://mail-index.netbsd.org/source-changes/2003/12/10/0026.html
itojun has clairfied the commit in a mail sent to tech-userlevel list of
NetBSD:
http://mail-index.netbsd.org/tech-userlevel/2003/12/10/0003.html
Will this affect
2003 May 12
4
xdelta files for security patches
Has xdelta (in ports under misc/xdelta) ever been considered as a means of
delivering binary patches for security updates?
It seems to be a pretty neat.
--
Regards,
Michael Nottebrock
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url :
2005 Jun 29
3
Perl master site changed to tobez.org?
Tobez: no disrespect intended, obviously you saw a problem with the
master sites for perl 5.8.7 and did what you could to help, and with
your position as a maintainer, I know that the trust we have in you and
your patches is well earned, so don't take this question as anything but
my well-earned paranoia rearing its ugly head:
Yes, building perl5.8.7 did seem like it had a lot of problems
2004 Mar 05
2
Security Officer-supported branches update
The FreeBSD Security Officer would normally be sending out this email,
but he's a bit busy right now and it is clear from reactions to FreeBSD
Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of
the current status of the RELENG_5_1 branch, so I'm going to send out
this reminder myself.
The branches supported by the FreeBSD Security Officer have been
updated to reflect