similar to: [Bug 10977] New: Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)

https://bugzilla.samba.org/show_bug.cgi?id=10936 Bug ID: 10936 Summary: Rsync path hijacking attack vulnerability Product: rsync Version: 3.1.1 Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: core Assignee: wayned at samba.org

Trying to figure out the syntax to set a mail_location for SQL. This doesn't work: userdb { driver = sql args = /etc/dovecot/master-combined-sql.conf override_fields = mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs } Does anyone know the proper syntax? Thanks in advance

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 19 May 2014, Marc Perkel wrote: > Trying to figure out the syntax to set a mail_location for SQL. This doesn't > work: > > userdb { > driver = sql > args = /etc/dovecot/master-combined-sql.conf > override_fields = > mail_location=maildir:/fakedir/%d/%n:INBOX=/fakedir:LAYOUT=fs > } > > Does anyone know

It would be handy (for me) if there were a userdb where a directory structure defined the db. userdb stat { mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs } userdb stat { mail_location=maildir:/email/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs } The idea being that if the first directory doesn't exist then it will try the second one.

This patch adds a switch --fat-filenames which replaces all characters that aren't legal on FAT filesystems with an underscore. This is the first time I touch the rsync code, so I may not be going about it the right way, but it seems to be working. Naturally there's some potential for collisions, but it's probably better than what happens currently (such files are simply not copied).

The generator can skip a directory's contents altogether due to --ignore-non-existing, a daemon exclude, or a mkdir failure. On a --dry-run, the generator can also note the missingness of a directory while still scanning its contents. These two scenarios were conflated using a single set of missing_below/missing_dir variables in combination with transient increments in dry_run; this caused

> On Thu, Mar 12, 2015 at 05:44:02PM -0700, Daniel Dilts wrote: >> Does there exist a tool that could lift a binary (assembly for some >> supported target) to LLVM IR? If there isn't, does this seem like >> something that would be feasible? There's plenty of variations on the idea: Revgen/S2E, Fracture, Dagger (my own), libcpu, several closed-source ones used by

OK - Getting close to everything working in my weird configuration. Here's a problem I'm still having. I'm authenticating with this: userdb { driver = sql args = /etc/dovecot/master-combined-sql.conf } Default mail location: mail_location = maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs However - what I'd like to do is if the mail location doesn't exist then I

Hiya, I can see it's a regular subject on this list. I, like others wanted to use rsync to synchronise two block devices (as it happens one lvm volume and one nbd device served by qemu-img on a remote host from a qcow2 disk image so that I can keep the old versions) As I couldn't find any report of it being done successfully, I'm just sharing my findings as it might benefit others.

hello I am trying to download a large file (9 Go) with smbclient on a linux machine from a NAS. Apparently, smbclient mget has a timeout that prevents me to download this large file. smbget is a possible solution. Also I'm doing this over an ssh tunnel. So I need to proxify smbget. Yet I cannot specify another port than 445 on smbget. I am stuck. can anyone help me? thanks -- *--* *Mouloud

On 3/12/15 8:14 PM, Daniel Dilts wrote: > On Thu, Mar 12, 2015 at 6:33 PM, Ahmed Bougacha > <ahmed.bougacha at gmail.com <mailto:ahmed.bougacha at gmail.com>> wrote: > > > On Thu, Mar 12, 2015 at 05:44:02PM -0700, Daniel Dilts wrote: > >> Does there exist a tool that could lift a binary (assembly for some > >> supported target) to LLVM IR?

I''ve got my app running under cgi, but I keep getting pwned by fcgi. - app is installed at www.mydomain.com - web root is www.mydomain.com/public (this works w/ regular cgi) - /public has correct permissions - .htaccess: rewrite rule changed to use .fcgi - shebang on dispatch.fcgi and dispatch.rb is set to #!/usr/bin/ruby1.8 (also tried just ruby) -environment.rb : running in prod Any

On 02/11/2015 09:27 AM, James B. Byrne wrote: > PDFs are known vectors for malware. They have been exploited in the > past and no doubt will be exploited in the future. ... > That said, I readily admit that the risk posed by this particular > example is low. But, it is not zero. As an example, I found and downloaded a spec sheet several years back for a ADVA FSP-II upstream

On 07/25/2015 05:00 PM, Gordon Messmer wrote: > On 07/25/2015 11:45 AM, Jake Shipton wrote: >> I think a better solution to suite both worlds would be to simply have a >> boot flag on the installation media such as maybe >> "passwordcheck=true/false" > > https://xkcd.com/1172/ > > It's practically a law that every time someone's workflow is

As a reminder...the registration fees will increase on July 15th, so register now to save the fees. KVM Forum registration link is here: http://events.linuxfoundation.org/component/registrationpro/?func=details&did=34 Hotel and travel information is here (same hotel and venue as LinuxCon): http://events.linuxfoundation.org/events/linuxcon/hotel Here is the schedule (should be up on the LF

As a reminder...the registration fees will increase on July 15th, so register now to save the fees. KVM Forum registration link is here: http://events.linuxfoundation.org/component/registrationpro/?func=details&did=34 Hotel and travel information is here (same hotel and venue as LinuxCon): http://events.linuxfoundation.org/events/linuxcon/hotel Here is the schedule (should be up on the LF

On Jul 28, 2015, at 1:06 PM, Chris Adams <linux at cmadams.net> wrote: > > Once upon a time, Warren Young <wyml at etr-usa.com> said: >> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. > > Since most of that crap comes

Add-on: Network UPS Tools Manage battery backup (UPS) devices----------------------------------------------------------- Add-on version: 0.2.0 You are running the latest version of this add-on. System: HassOS 4.10 (armv7 / raspberrypi4) Home Assistant Core: 0.110.7 Home Assistant Supervisor: 227----------------------------------------------------------- Please, share the above information when

s6-rc: info: service s6rc-oneshot-runner: starting s6-rc: info: service s6rc-oneshot-runner successfully started s6-rc: info: service base-addon-banner: starting ----------------------------------------------------------- Add-on: Network UPS Tools Manage battery backup (UPS) devices----------------------------------------------------------- Add-on version: 0.13.0 You are running the latest version

On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote: > Security is *always* opposed to convenience. False. OS X by default runs only signed binaries, and if they come from the App Store they run in a sandbox. User gains significant security with this, and are completely unaware of it. There is no inconvenience. What is the inconvenience of encrypting your device