Displaying 20 results from an estimated 7000 matches similar to: "Re: Re: Towards a solution of tmp-file problems"
1998 Mar 11
4
Re: Towards a solution of tmp-file problems
Hi everyone,
Thanks all for your feedback. Here is a reply to most of your
comments....
Roger.
Chris Evans wrote:
> On Mon, 9 Mar 1998, Rogier Wolff wrote:
> > not to give those rights away. A non-setuid program should not have to
> > worry about buffer overruns (you can crash the program, wow!). It
> Just a reminder, that in some cases, it _should_ worry. As a
1998 Mar 12
0
Re: Re: Re: Towards a solution of tmp-file problems
>
>For example (and this is only an example), a private namespace may be
>assigned for each user at login time (at the level of the login shell).
>Thus, the user's "ls" commands see files in whatever directory the
>private namespace is rooted, and for all intents and purposes it appears
>to be an ordinary filesystem. Yet no other users can see this. User runs
1998 Mar 12
6
Re: Re: Re: Re: Towards a solution of tmp-file problems (fwd)
>Forwarding a message from Steve "Stevers!" Coile:
>> This is already possible. Create the file then unlink it. The file
>> contents aren't deleted and i-node isn't released until the file is
>> closed.
>
>Without kernel support, unlinking the file at creation time requires
>a code change in the process which creates the file. And this
1998 Mar 11
0
Re: Re: Re: Towards a solution of tmp-file problems (fwd)
Forwarding a message from Steve "Stevers!" Coile:
> This is already possible. Create the file then unlink it. The file
> contents aren't deleted and i-node isn't released until the file is
> closed.
Without kernel support, unlinking the file at creation time requires
a code change in the process which creates the file. And this doesn't
protect
1998 Mar 09
2
Towards a solution of tmp-file problems.
Introduction.
------------
Every now and then a new "exploit" turns up of some program that uses
tmp files. The first solution was "sticky bits", but since links exist
(that's a LONG time), that solution is inadequate.
Discussion.
----------
The problem is that you put an object (link/pipe) in the place where
you expect a program to put its tempfile, and wait for
1998 Mar 12
1
Re: message rejected: Re: Re: Towards a solution of tmp-file problems.
G'day Roger,
Forwarding a message from wolff@BitWizard.nl:
> Passing by fd means coding changes.
>
> The C compiler classically compiles your C program to preprocessed C
> code in /tmp/ccxxxxx.i, throws that at the first compiler pass, ends
> up with /tmp/ccxxxxx.s, throws the assembler at that file, gets
> /tmp/ccxxxxxx.o and finally throws a linker at that file to
1997 Apr 29
9
Yet Another DIP Exploit?
I seem to have stumbled across another vulnerability in DIP. It
appears to allow any user to gain control of arbitrary devices in /dev.
For instance, I have successfully stolen keystrokes from a root login as
follows... (I could also dump characters to the root console)
$ whoami
cesaro
$ cat < /dev/tty1 <------ root login here
bash: /dev/tty1: Permission denied
1998 Mar 12
1
tmp files problem
Hi
It seems that the problem is that you wish to make private
for the user, some files, which, for other purposes, should yet
remain possibly shared.
This problem, for my own, is typically a resource-sharing
problem, and may be simply solved in a password-like way.
That is, each temp file should be generated with a randomized
name.
It has been said that this implies 1) modifying shell
1997 Mar 06
1
SuperProbe and others
Hi,
Recently once again an exploit for SuperProbe was posted to the
bugtraq. That message was forwarded to linux-security and Rogier Wolff
rejected it on the basis of the author of the SuperProbe (David Wexelblatt)
comment that it was never intended to be suid.
In general, there is absolutely no reason for programs that are
supposed to be run only by root to be suid to root!
If your
2009 Jan 14
4
CentOS-5.2 su -l is failing
I am encountering an odd problem with su. Up until quite recently I was
able to connect to one of my servers (CentOS-5.2) via ssh as an ordinary
user and then, from the shell, perform an $ su -l to obtain root access.
Now when I try to do this I see the following:
$ su -l
Password:
su: incorrect password
If, instead of I ssh to this machine as the root user ($ ssh -l root host)
and enter
2007 Dec 02
1
speeding up likelihood computation
R Users:
I am trying to estimate a model of fertility behaviour using birth history data with maximum likelihood. My code works but is extremely slow (because of several for loops and my programming inefficiencies); when I use the genetic algorithm to optimize the likelihood function, it takes several days to complete (on a machine with Intel Core 2 processor [2.66GHz] and 2.99 GB RAM). Computing
2013 May 02
0
How does dsgh do the standardization?
Hi,
I try to understand how the generalized hyperbolic distribution is
standardized. One reference is the rugarch vignette, page 16-18:
http://cran.r-project.org/web/packages/rugarch/vignettes/Introduction_to_the_rugarch_package.pdf
I looked at the code of the dsgh function in the fBasics package:
> dsgh
function (x, zeta = 1, rho = 0, lambda = 1, log = FALSE)
{
if (length(zeta) == 3) {
2010 Nov 16
2
Integrating functions / vector arithmetic
Hello,
I was trying to build some functions which I would like to integrate over an
interval using the function 'integrate' from the 'stats' package. As an
example, please consider the function
h(u)=sin(pi*u) + sqrt(2)*sin(pi*2*u) + sqrt(3)*sin(pi*3*u) + 2*sin(pi*4*u)
Two alternative ways to 'build' this function are as in f and g below:
coeff<-sqrt(1:4)
2004 Sep 23
11
1.0 Mirrors
Hello,
Please be conscious of Digium's bandwidth and use a Mirror when
downloading 1.0. I have mirrored the tarballs at:
ftp://ftp.nacs.net/asterisk/
Direct links:
ftp://ftp.nacs.net/asterisk/asterisk-1.0.0.tar.gz
ftp://ftp.nacs.net/asterisk/asterisk-sounds-1.0.0.tar.gz
ftp://ftp.nacs.net/asterisk/libpri-1.0.0.tar.gz
--
Vice President of N2Net, a New Age Consulting Service, Inc.
2015 Jul 12
2
Why no support for 3-digit HEX colours?
When specifying an RGB colour in R, is there a strong reason not to accept
3-character HEX codes? In CSS and many other languages, a colour of "#ABC"
is automatically converted to "#AABBCC", and I was wondering if R could
support that as well, or if it was a conscious decision to not support it.
---
http://deanattali.com
2006 May 30
4
Rails / ActionPack thread safety
Hi all,
Both the rails book (1st Ed) and the docs on the rails site (*and* the
Mongrel FAQ) tell me that rails (& ActionPack /ActiveRecord) is not
threadsafe. Since I need lots of worker threads in the app I'm working on
(details at the end of this mail) this poses quite a problem for me.
Is the lack of thread safety a conscious design decision (kind of
understandable for rails
2005 Jun 07
2
Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
Package: logcheck
Version: 1.2.39
Severity: normal
Since I've upgraded my servers to sarge, I'm getting mail every hour for
stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns
out that sarge's version no longer reads that file.
If this was a conscious decision, then there should be some warning
about this when upgrading (via debconf or NEWS.Debian). Also, the
2017 Aug 18
1
A question about for loop
Dear R users,
I have the following codes:
zeta <- rep(1,8)
n <- 7
for (i in 1:2){
beta <- zeta[1:n+(i-1)*(n+1)]
print(beta)
parm <- zeta[i*(n+1)]
print(parm)
}
###################
The output is as follows:
[1] 1 1 1 1 1 1 1
[1] 1
[1] NA NA NA NA NA NA NA
[1] NA
#######################
The outcome I want to get is:
[1] 1 1 1 1 1 1 1
[1] 1
[1] 1 1 1 1 1 1 1
[1] 1
How could I get the
2003 Oct 11
1
boot statictic fn for dual estimation of 2 stats?
Hi,
I am trying to use boot() to refit an ordinal logit (polr in MASS) model.
(A very basic bootstrap which samples from the data frame without
replacement and updates the model.)
I need to extract two statistics per run (the coefficients and zeta) and I
tried concatenating them into a single vector after fitting, but I get the
following error:
Error in "[<-"(*tmp*, r, ,
2015 May 06
3
VirtIO drivers and CentOS 5.4(Final)
> You have several hundred more Critical or Important security updates
> outstanding. If that box touches the Internet in any way, it is likely
> compromised. Just in the last 6 months there are 21 Important or
> Critical updates.
That is an important qualifier: *If* that box touches the Internet in any way.
Although one might add that attacks on the LAN can be nastier since there