Displaying 20 results from an estimated 7000 matches similar to: "How's 5.10 coming along?"
2017 Feb 09
5
Checksums for git repo content?
Hello John,
On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote:
> On Thu, 9 Feb 2017, Leonard den Ottolander wrote:
>
> > How about my request for checksums in the git repo?
>
> What checksums would you actually want in git?
SRPMS are signed which allows the integrity of the contents to be
checked. Such an integrity check is missing from the git repo.
Either a checksum
2016 Oct 19
4
SSH Weak Ciphers
On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
> Hello Gordon,
>
*snip*
>
> Personally I would be more concerned whether or not to enable ECDSA
> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
>
> Regards,
> Leonard.
>
For web server ECDSA certs is currently a concern because the only
curves with popular support across browsers have parameters that were
2011 Apr 17
4
glibc-2.5-58.el5_6.2.i686 broken?
Hi,
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with
grub hanging at "GRUB". After getting the boot loader fixed I
experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to
fix these issues. Anyone else seeing this?
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2014 Oct 30
3
Corrupt selinux-policy-targeted-3.7.19-260.el6.noarch.rpm
Hi,
Updating selinux-policy-targeted to 3.7.19-260 fails. The archive seems
corrupt. Got another copy from
http://mirror.centos.org/centos/6/os/x86_64/Packages/ which also fails:
# rpm -Fv selinux-policy-targeted-3.7.19-260.el6.noarch.rpm
Preparing packages for installation...
selinux-policy-targeted-3.7.19-260.el6
warning: /etc/selinux/targeted/contexts/customizable_types saved
as
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 06:40 -0800, John R Pierce wrote:
> On 2/2/2017 6:22 AM, Leonard den Ottolander wrote:
> > However, the fact that the binary in the example is setuid is orthogonal
> > to the fact that heap spraying is a very serious attack vector.
>
> without privilege escalation, what does it attack ?
pkcheck might not be directly vulnerable. However, pkexec is.
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.
Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the
2015 Sep 03
3
virt-install message regarding Spice and TLS
On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander <
leonard at den.ottolander.nl> wrote:
> Hello Mike,
>
> On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote:
> > I've been through the virt-install manpage a few times now to no avail.
> > What is wrong with my syntax here (seen below)?
>
> > ~]# virt-install --connect qemu:///system -n blahhost
2016 Dec 14
2
spec file frustration (rant)
Hello Jonathan,
On Wed, 2016-12-14 at 15:03 -0500, Jonathan Billings wrote:
> On Wed, Dec 14, 2016 at 07:29:19PM +0100, Leonard den Ottolander wrote:
> > > get_sources.sh
> >
> > The name suggests this is what we need (or do we??) If only I could find
> > that script anywhere...
>
> Johnny said it at the beginning of his email. I'll paste it again so
2016 Oct 17
3
SELinux context not applied
Hi,
I tried to apply a security context on a directory with the following
commands:
[root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?"
[root@ local]# restorecon -R netdot/
When I list the contexts, it is part of the list....
[root@ local]# semanage fcontext -l | grep netdot
./netdot(/.*)? all files
2017 Jan 27
4
Notes on openssh configuration
Hello list,
To my astonishment the openssh versions on both C6 and C7 will by
default negotiate an MD5 HMAC.
C6 client, C7 server:
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
C7 client & server:
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1:
2015 Oct 26
2
Crash in gnome-terminal on New Profile
Hi,
Anyone else seeing this? C7 Gnome Desktop, opened a gnome-terminal,
click File -> New Profile and gnome-terminal-server gets killed.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2016 Sep 25
3
How to enable the svm cpu flag inside a vm?
On Sun, Sep 25, 2016 at 04:38:39PM +0200, Leonard den Ottolander wrote:
> The qemu-kvm option "-enable-nesting" that I dug up in the source looks
> promising. No mention in the man page on either C6 or C7 but it is
> mentioned here:
> https://www.redhat.com/archives/libvir-list/2012-October/msg01138.html
>
> How do I pass the "-enable-nesting" option to
2011 Apr 17
2
Heads up: Bugged update xorg-x11-server-utils-7.1-5.el5_6.1 upcoming
Hi,
Reading
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=37
I noticed a warning about an upcoming bugged update xorg-x11-server-utils-7.1-5.el5_6.1.
I would advise everyone to add
exclude=xorg-x11-server-utils-7.1-5.el5_6.1
to their updates repo config.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2012 Aug 09
2
Latest sudo update for 5.8 breaks postgresql
Hello,
The latest update to sudo (sudo-1.7.2p1-14.el5_8.2) breaks postgresql.
https://bugzilla.redhat.com/show_bug.cgi?id=846631
It might break other services that rely on access to /etc/nsswitch.conf
too. Assuming you have a "sudoers" line in /etc/nsswitch.conf that file
will be recreated with incorrect file permissions.
After having had issues with selinux permissions on that
2012 Aug 17
1
Wiki dead links CentOS-Fasttrack
Hello,
The links under the CentOS-Fasttrack paragraph at
http://wiki.centos.org/AdditionalResources/Repositories all refer to
non-existent pages/files at mirror.centos.org. Where can one find the repo
files and readme?
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2015 Apr 02
2
Openssl C6 distro tag different from upstream
Hi,
Just noticed that the distro tag used in openssl is different from
upstream. Upstream and the last update (openssl-1.0.1e-30.el6_6.7) use
"el6_6" whereas the latest update (openssl-1.0.1e-30.el6.8) uses
"el_6". Any reason for this discrepancy?
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2015 Jun 20
1
Debuginfo repodata missing for C6
Hi,
The debuginfo repodata for C6 is missing:
http://debuginfo.centos.org/6/x86_64/repodata/7a42847903e6a76f9397c0bc9aca6afbbef1f74c-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
Error: failure:
repodata/7a42847903e6a76f9397c0bc9aca6afbbef1f74c-filelists.sqlite.bz2
from debug: [Errno 256] No more mirrors to
2017 Jan 27
2
Notes on openssh configuration
Hello Gordon,
On Fri, 2017-01-27 at 10:26 -0800, Gordon Messmer wrote:
> Cryptographers still consider MD5 secure for HMAC use. Wikipedia's
> references (currently 6, 7, and 8) in this article are useful:
>
> https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
https://en.wikipedia.org/wiki/MD5 seems to disagree:
"The security of the MD5 has been severely
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
Based on an article that was mentioned on this list
https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html
I found two attacker controlled memory leaks in the option parsing of
pkcheck.c. These memory leaks allow a local attacker the ability to
"spray the heap", i.e. initialize large parts of the heap before
launching his attack.
The original attack
2017 Feb 09
2
Checksums for git repo content?
Hello Johnny,
On Thu, 2017-02-09 at 09:07 -0600, Johnny Hughes wrote:
> Yes .. that content will be republished. It was an accident.
How about my request for checksums in the git repo?
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research