similar to: resource starvation against passwd(1)

http://bugzilla.mindrot.org/show_bug.cgi?id=301 Summary: In openssh 3.3 and 3.4 pam session seems be called from non-root Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: critical Priority: P3 Component: sshd AssignedTo:

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

From: Wade Maxfield <maxfield@ctelcom.net> > Many thanks to the moderator who pointed out errors and suggested the > correct information on this post. Over half the ideas are due to him. ;) > 1. Programs put data in local variables in functions. These variables > are on the computer stack. Feeding data to those variables (usually > string variables) causes the

As will be seen from these code fragments (and experiment) a noclobber option in bash or pdksh (or ksh on AIX) will do limited clobbers. 1) They will clobber named pipes. (mknod /tmp/predicted p cat /tmp/predicted > $stolen cat $switched > /tmp/predicted ) & 2) They will clobber symlinks. ln -s /some/new/target /tmp/predicted 3) They can be raced.

Kyle Ferrio: > Unfortunately, his last act was to rm -rf /var/log so I don't know > exactly how he got root. Definitely a remote exploit, though. > Does anyone have advice on mirorring syslog to "secret" locations, > preferably encrypted? Losing logs makes it hard to do a risk assessment. > For all I know, I'm still vulnerable after updating bind. As for safe

Hi! I wrote a small patch to enable /etc/limits support in openssh. nice thing when you don't have PAM installed.. It is based on Ultor's openssh 1.x patch (http://marc.theaimsgroup.com/?l=secure-shell&m=96427677022741&w=2) Works fine on slackware7.1. define USE_ETC_LIMITS in config.h , and compile as usual. Sagi -------------- next part -------------- diff -N -u

Hello there, we are running samba-2.2.5 under AIX4.3.3 (IBM silver node). As we tried to run the perl module Filesys::SmbClient we found the following problem in samba-2.2.5/source/libsmb/libsmbclient.c : AIX returns for "rlp.rlim_max" (file handler) the largest unsigned integer. Inside the function smbc_init the variable "smbc_start_fd" is calculated by adding a "guard

Hy all.. i've just subscribed to the list thow i've been using wine for a while now. I 've emeregd (I have Gentoo) the latest wine and , Here-s what i get: mihaiv bin # wine /usr/local/bin/wine-kthread: could not open mihaiv bin # /usr/local/bin/wine-kthread Wine 20041019 Usage: wine PROGRAM [ARGUMENTS...] Run the specified program wine --help Display this help and exit wine

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Patches for Slackware 7.0 Available There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

Version 2.0.5a (same prob w/2.0.4b, though). smbsh segfaults after I enter my password. As root, it just seg faults. As my login user, it dumps core. Attached is a script of an strace of it. Running RH 6.0, kernel 2.2.10, AMD K6-2/350, 64M RAM. Configure options were: CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{pref} --libdir=/etc \ --with-lockdir=/var/lock/samba

Package: src:xcp-vncterm Version: 0.1-2 Severity: important Tags: sid jessie User: debian-glibc at lists.debian.org Usertags: ftbfs-glibc-2.17 The package fails to build in a test rebuild on at least amd64 with eglibc-2.17, but succeeds to build with eglibc-2.13. The severity of this report may be raised before the jessie release. The test rebuild was done together with GCC-4.8, so some issues

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hello, I'm trying to squeeze out maximum possible transfer between two Samba 3.3.1 servers. Both servers and switch supports jumbo frames, network link and disks does not appear to be bottleneck, between these two servers FTP transfer rates are about 115MB/s (1gbit link is saturated at this point) - and I'd like to see similar transfer from Samba (now I get half of it). 10.0.0.5 # wget

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When are you all going to make Samba compatible with CCC (Compaq Compiler)? I would really like to be able to compile it using CCC but I keep getting the errors listed below. I was wondering, could please point me in the right direction for a solution to this dilemma? ==================== ERROR MESSAGE ==================== Using FLAGS = -O -fast

Hi, I'v included speex-lib into my http://www.visit.se/~pointless IP-Sound streaming app. When using speex the sound is being garbled for short intervals, approx every 20:th second. Sounds like buffer starvation..... but in between it sounds 100% ok. As I am using other "codecs" with success there might be something that I have missed in the implementation of speex. Using

Hello, If an ordinary user runs: -- snip -- cat > starv.c <<EOF main(){ char *point; while(1) { point = ( char * ) malloc(10000); }} EOF cc starv.c while true do ./a.out & done -- snip -- This will fast starv the operating system (FreeBSD 6.2). I have tried to limit the number of processes and the amount of memmory consumed (in login.conf). There is also a file /etc/malloc.conf

Hi, I'm rather new to this project, having stumbled across it earlier this afternoon, so forgive me if I'm still trying to find my way around. I was in the need of an alternative to NFS that would let me spread the task of sharing my downloaded source code files across a couple of boxes, and GlusterFS looked like a great candidate, having had no luck with Coda or OpenAFS. I also want

I think I''ve run into some kind of queue starvation bug w/ DRb - it normally takes minutes per item to process items in the queue, and normally the queue has a bit of a backlog. But when it''s empty (nothing coming in), it seems to stop checking for new work. Has anyone else run into this w/ DRb? Any suggestions for debugging this? Thanks, m

Hi! I was hoping to receive some help on a difficult matter - I have tried a lot already. http://stackoverflow.com/questions/12468781/rails-thread-starvation That''s the link, I hope it is ok to link there. Thanks! Carl -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to