similar to: [PATCH] Configurable privileges and chroot jail

This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot

On Mon, 2001-09-17 at 00:02, Alex Stansfield wrote: > Hi, > > The only need I have for icecast is as a transparent proxy. The problem > is I can't get it to work as one, is this feature implemented I fixed the problem, it seemed that in source.c in the function source_login in this piece of code: -- write_log (LOG_DEFAULT, "Accepted encoder on mountpoint %s from %s. %d

Hey, Well, that was easy :-) Patch against CVS follows: Summary: Created a boolean option allow_zero_gid, when set to yes it will allow logins from users whose group id is zero. Tested with KMail 3.1.1 on FreeBSD 4.8. I'm not sure if my method for passing the boolean via the environment is correct, it looks a little on the ugly side. Index: src/lib/restrict-access.c

To all users: The recently exploits announced at bugtraq can be fixed by the following patch. This patch should fix a few other potential holes as well, and I will post a followup patch soon that is even more thorough. Note: this exploit would give the attacker priviledges of the user running icecast. If you are running icecast as a normal user account or as root, this would be a good time to

To all users: The recently exploits announced at bugtraq can be fixed by the following patch. This patch should fix a few other potential holes as well, and I will post a followup patch soon that is even more thorough. Note: this exploit would give the attacker priviledges of the user running icecast. If you are running icecast as a normal user account or as root, this would be a good time to

Hi Karl, Thanks for your help, About the "Connection:" header, you are right, it's: "Connection: close" and NOT "Connection: keep-alive". The protocol when the SERVER sends the data is http 1.0. It's http 1.1 when the browser requests the data. I don't understand the "Content-Length: 54000000" header either. Also I noticed the flash player on

stvs wrote: > Is there a way to tell WINE that question marks in directory names are okay? WINE fails whenever I ask it to access a file from within a directory with a question mark in its name. I had the exact same problem. The only workaround is to get that folder renamed to DOS compatible characters, let comskip run through Wine, and then change the name back again. I had to change the

Will someone please tell me why this code... -------------------------------------------- def test org = Organization.find(1) write_log("Org: #{org.inspect}") write_log("Org name: #{org.org_name}") end ---------------------------------------------- ...is returning the blank org_name below? Am I accessing the object''s attribute wrong?

With apologies, I can''t figure out the simplest thing: How to reference a record id instead of the internal memory location of that value. I''m new to Ruby but otherwise a veteran VB6/SQL programmer. My code: <snip> sSQL = "SELECT id, org_name FROM organizations WHERE user_id = ''#{sUserId}'' AND user_password =

I've created a patch that adds a feature that is helpful to my setup. If 'parent_dir_umask' is set in the configuration file, any missing directories in the home directory path are created. The home directory itself is created according to the 'umask' setting, 'parent_dir_umask' is only used for intermediate directories that might need creating. This is useful to me,

Hi I have some warnings compiling icecast and i would like to know if they are serious problems it seem to work fine i think i am not a programmer so the warnings say nothing to me ystem slackware 8 i386 these are the warnings gcc -DHAVE_CONFIG_H -I. -I. -I.. -D_REENTRANT -g -O2 -Wall -c main.c main.c: In function `clean_shutdown': main.c:547: warning: type defaults to `int'

On Wednesday 30 May 2001 07:59 am, you wrote: > Hello everyone, > > I am very tempted to try and use icecast as the weapon of choice > to realize a live audio stream for the radio station I work for. > > Now, the last time I tried the FreeBSD port of Icecast, it > immediately consumed something like 95% CPU time, even without > any client connected. I think someone else

Hi, The only need I have for icecast is as a transparent proxy. The problem is I can't get it to work as one, is this feature implemented? When I setup XMMS with a proxy of the computer running icecast (1.3.11) I get this in the logs when trying to connect to a stream: [16/Sep/2001:23:59:31] [9:Connection Handler] Accepted encoder on mountpoint 205.188.234.34:8004/ from

I tried to get icecast2 and BLAMO Error: Failed to spawn GNU rlog on '/cvsroot/icecast-1.1//Makefile.in,v' '/cvsroot/icecast-1.1//acconfig.h,v' '/cvsroot/icecast-1.1//commandline.c,v' '/cvsroot/icecast-1.1//commandline.h,v' '/cvsroot/icecast-1.1//commands.c,v' '/cvsroot/icecast-1.1//commands.h,v' '/cvsroot/icecast-1.1//config.h.in,v'

While I was trying to get the patch to work on one of my AIX hosts (4.3.3), I discovered what is probably a bug in the section of code in session.c. for (i = 0; i < options.num_chroot_users; i++) { if (match_user(pw->pw_name, hostname, ipaddr, options.chroot_users[i])) { dir = chroot_dir(pw); /* 'dir' now points to memory block holding pathname */

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp

This is another take on logging for sftp-server. Given the number of private email requests I've received for this patch, I assume there is signifigant enough interest to request it be reviewed for inclusion into the release. The patch is against 3.1p1, and is completely disabled by default. To enable logging, one must use compile time directives (-DSFTP_LOGGING). This was done due to prior

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

I suspect that there is bug in sub when using "?": > string_"This is a bug!" > sub("!", ", or isn't it?", string) [1] "This is a bug, or isn't it?" > string_"This is a bug?" > sub("?", ", or isn't it?", string) [1] "This is a bug?" Regards, *** D.Trenkler ***