similar to: Re: Buffer Overflows: A Summary

In article <Pine.LNX.3.95.970503190235.5733A-100000@puck.nether.net>, Myles Uyema <linux-security@redhat.com> wrote: > [mod: But from reading the source I think you don''t need a /dev entry > to remount the partition without the nodev. Moreover you could MAKE > the /dev entry and use that if it were necessary. But that is not the > issue. The issue is that a

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just

Phexro <ieure@linknet.kitsap.lib.wa.us> writes: > chroot()''d processes. So, important system calls could be modified thus: Since there are tons of syscalls and new ones appearing all the time, "Fixing" some of them doesn''t seem like a good idea. It seems more reasonbale to deny access to all of them, except for a few specific ones (that can moreover be

On Tue, 14 Jul 1998, cfb wrote: > The main problem seems to be with the way that debian starts bind using > the script /etc/init.d/bind. I thought it would be really neat to just > change the #!/bin/sh at the top of the script to something like : > #!/usr/sbin/chroot /chroot-dns/ /bin/sh > or > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh try changing

Just to let people know what my big picture is, I''m trying to write a script that will let me run a program, and name a progeny of that program that I want to debug. My script should find the first occurrence of that progeny, and run it until it finishes initializing the runtime linker, but stop it before it runs any shared library startup routines. (Failing that, I''d be okay

Hi Expert I want to use dtrace to monitor the content change of one file. I made following scripts, #!/usr/sbin/dtrace -s inline int MYPID = $1; syscall::write:entry /pid == MYPID/ { tracemem(arg1, arg2); printf("\n"); } It always has an following error bash-3.00$ sudo dumpFIFO.dtrace 3836 dtrace: failed to compile script ./dumpFIFO.dtrace: line 19: tracemem( ) argument #2

Hi all, I am newbie for llvm. I just create a global variable, there are some statements in my pass like: LoadInst* int64_64 = new LoadInst(pthreadPID, "", false, OptAplusOne); int64_64->setAlignment(8); int64_64->dump(); LoadInst* int32_65 = new LoadInst(gvar_int32_myFlag, "", false, OptAplusOne); int32_65->setAlignment(4);

Hi - I have attempted to use the fork::fork() function to perform parallel processing. However, the child R function called needs to know a given set of parameters to complete its task. Specifically, I iterate through a vector, and output values based on the elements of that vector to a database. The output strings contain elements of the iterated vector. I mocked-up the following code as an

Greetings, I have a pack of SunRay network computers in kiosk mode and I need to print to the Pharos printing system. Not surprisingly, Pharos runs on Windows. It is currently set up on Windows 2003 server. To print to this system you have to authenticate to the Activate Directory the Pharos server is a member of. I thought my best bet to pull this off was to use Samba. The

I am teaching a DTrace class and a student noticed that 2 iosnoop scripts run in two different windows were producing different results. I was not able to answer why this is. Can anyone explain this. Here are the reults from the two windows: # io.d ... sched 0 <none> 1024 dad1 W 0.156 bash 1998

Hi! I am using xen-tools version: 3.9-4 to create domUs: 1. time xen-create-image --verbose --dist=lenny --install-source=/mnt/xen-file-images/lenny-64-template-debootstrap-30Jun09-fix2.tar --hostname dummy --ip xxx.xxx.xxx.xxx --force 2. xm create dummy.cfg Then I get the message Device /dev/vg0/dummy-disk is mounted in the privileged domain, and so cannot be mounted by a guest. 3. When I

I picked up the following from Bugtraq. -----Forwarded message from David Phillips <phillips@PCISYS.NET>----- MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <01BC5D8D.679DD4A0@frank56.pcisys.net> Date: Sat, 10 May 1997 21:56:05 -0600 Reply-To: David Phillips <phillips@PCISYS.NET> Sender: Bugtraq List

Hey all, If you''re like me and use git submodules heavily (I vendor everything, and every plugin is a submodule), you might like to hear about code published this morning to make it easier to manage multiple git submodules in a shared-server environment. It''s imaginatively titled ''git-rake'', and it does Good Things like: * aggregates submodule commit logs into

As halflife demonstrated in Phrack 50 with his linspy project, it is trivial to patch any system call under Linux from within a module. This means that once your system has been compromised at the root level, it is possible for an intruder to hide completely _without_ modifying any binaries or leaving any visible backdoors behind. Because such tools are likely to be in use within the hacker

Hello Hendrik Can you help input 2 commands 'mount' and 'df -TPh' on OMV, and post the output to us, thank you. -- Regards, Jones Syue | ??? QNAP Systems, Inc.

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

I have been trying very hard to seek help with my very complex issue but so far none have been successful. So I would like to try this mailing list, maybe there are some experts who know what they're talking about. Please refer to my experts-exchange question, all the required information will be there. It is more practical to send you to the webpage than paste out what I've done.

Hello! How do i get pass this error? offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml create: file(optdata): o1.xml error: Failed to create domain from o1.xml error: internal error: No valid cgroup for machine c1 My cgroups seem to be mounted: cgroup on /sys/fs/cgroup/systemd type cgroup

On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: > On 06/09/2013 08:14 PM, pr.G wrote: > > Hello. > > > > Is it possible to start container via libvirt_lxc without mounting /sys > > inside container? > > > > When I start container via lxc-start and do not add mount point to config, > > then /sys inside container is empty. > > >

Hi, I am trying to secure my CentOS file systems by introducing "nodev" to devies defined in /etc/fstab. I learned that "nodev" prevents users from mounting unauthorized devices. However, I can still mount a cdrom to /tmp/cdrom with the following defined in /etc/fstab. Am I missing something? Thanks. LABEL=/tmp /tmp