helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr | Forum profile
|
|
Forum profile page for helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr on http://www.opensolaris.org.
This report page is the aggregated overview from a single forum: helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr , located on the Message Board at http://www.opensolaris.org.
This forum profile page summarizes the general forum statistics such as: Users Activity, Forum Activity, and Top Authors, which are reported in either a table or graph below for a given reporting time period.
Additional forum profile information for "helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr " on the Message Board at http://www.opensolaris.org is also shown in the following ways:
1) Latest Active Threads
2) Hot Threads for Last Week
Warning: These statistics are generated using 'best efforts' and can experience delays and reporting errors at times. Please note that such statistics do not constitute a forum's popularity and/or exact posting volumes at any given reporting period.
|
|
|
|
|
Posting activity on helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr :
|
|
Week
|
Month
|
3 Months
|
|
Threads:
|
8
|
50
|
108
|
|
Post:
|
13
|
152
|
355
|
|
|
helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr Posting activity graph:
|
Top authors during last week:
user's latest post:
Privileges(5) aware Apache httpd...
Published (2008-11-21 05:04:00)
I discovered the announcement of a module to make Apache OpenSolaris privileges(5) aware. I haven't played with this yet but the description alone sounds very useful. http://www.mail-archive.com/dev at httpd dot apache dot org/msg42159.html Seems like the same type of change could be used to have different TX labels too. -- Darren J Moffat _______________________________________________ security-discuss mailing list security-discuss at...
user's latest post:
Privileges(5) aware Apache httpd...
Published (2008-11-22 11:12:00)
Forking a child per-request is more overhead than many users find acceptable. As regards the semantics, the basic premise is that a lock (or perhaps more appropriately a key) object be required to unlock it. That object is then not exposed to untrusted code. That reduces the risk to one of malicious code that can guess the location in memory of the key.
user's latest post:
Re: [cifs-discuss] CIFS Client...
Published (2008-11-21 11:43:00)
Dan McDonald writes: > > We have changes for the OpenSolaris CIFS client that > > implement SMB > > "signing". For an Overview of SMB signing, see: > > http://support.microsoft.com/kb/887429 > > You really should also put this on security-discuss. In fact, I think I'll do that now! [Added author back into cc-list.] > I won't even begin to discuss...
user's latest post:
Heads up: PASSREQ is being...
Published (2008-11-17 04:27:00)
On 11/17/08 13:27, Darren Reed wrote: > This is likely to trip up a lot of people... I agree with your assessment that the current solution is not optimal. I'd rather have an installer that refuses to take an empty password for root. IMO it's ok to make it hard configure an insecure system. I'll take this up with the new-install folks, since most of the current installer is on life support and I didn't dare to do...
user's latest post:
Dropping profiles or...
Published (2008-11-17 14:23:00)
Bart, where did the original request for this finer grained user application environment policy control come from? If customers are asking, please let us know. -Christoph Scott Rotondo wrote: > Glenn Faden wrote: >> Bart, >> >> In general I don't think that the existing RBAC implementation is the >> right architecture for implementing restrictive environments. The...
user's latest post:
Code review request - Solaris...
Published (2008-11-19 08:27:00)
On 18/11/08 04:41 PM, Tony Nguyen wrote: > Darren Reed wrote: >> Location: inetd.c 302-327 >> Type: T >> Priority: 1 >> Comment: first, will scf_instance_destroy(NULL) crash inetd? >> > scf_instance_destroy() just returns if argument is NULL. If that's true then shouldn't this behaviour be documented on the man page for this function? Darren...
user's latest post:
[shell-discuss] Project...
Published (2008-11-16 18:27:00)
James Carlson wrote: > Josh Hurst writes: > > On 10/29/08, James Carlson wrote: > > > The usage case is for processes that are attempting to use > > > user-configured strings that may have been configured with a different > > > level of privilege than the current process. It's an escalation threat. > > > > Use rksh to prevent...
user's latest post:
Privileges(5) aware Apache httpd...
Published (2008-11-21 05:51:00)
Darren J Moffat wrote: > I discovered the announcement of a module to make Apache OpenSolaris > privileges(5) aware. > > I haven't played with this yet but the description alone sounds very useful. > > http://www.mail-archive.com/dev at httpd dot apache dot org/msg42159.html > > Seems like the same type of change could be used to have different TX > labels too. >...
user's latest post:
Re: [cifs-discuss] CIFS Client...
Published (2008-11-21 06:08:00)
> We have changes for the OpenSolaris CIFS client that > implement SMB > "signing". For an Overview of SMB signing, see: > http://support.microsoft.com/kb/887429 You really should also put this on security-discuss. In fact, I think I'll do that now! Security-discuss folks, please follow this link: http://www.opensolaris.org/jive/thread.jspa?threadID=83064 to see the original post. > 9: What...
user's latest post:
Privileges(5) aware Apache httpd...
Published (2008-11-21 17:21:00)
Nick Kew wrote: > Thanks for your interest! > > I guess this is the right forum to ask about the major security issue remaining. Namely, that mod_privileges may run untrusted code (e.g. a user's PHP scripts), and a malicious, privileges-aware script could escalate to anything in EPRIV. In particular, it'll have access to SET_ID. > > As it stands, the best solution I have to that is a Perl script to...
|
|
|
|
Latest active threads on helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr ::
Started 2 days, 4 hours ago (2008-11-21 05:04:00)
by darrenm
I discovered the announcement of a module to make Apache OpenSolaris privileges(5) aware. I haven't played with this yet but the description alone sounds very useful. http://www. mail-archive.com/dev at httpd dot apache dot org/msg42159.html Seems like the same type of change could be used to have different TX labels too. -- Darren J Moffat ...
Started 2 days, 3 hours ago (2008-11-21 06:08:00)
by danmcd
> We have changes for the OpenSolaris CIFS client that > implement SMB > "signing". For an Overview of SMB signing, see: > http://support.microsoft.com/kb/887429 You really should also put this on security-discuss. In fact, I think I'll do that now! Security-discuss folks, please follow this link: http://www.opensolaris.org/jive/thread.jspa?thread ID=83064 to ...
Started 1 month ago (2008-10-19 02:49:00)
by tnguien
This is for 6761070 PSARC 2008/580 Solaris host-based firewall * *The webrev and the new event message are respectively at: http://cr.opensolaris.org/~tonyn/firewall/ http://cr.opensolaris.org/~tonyn/firewall/8000-R4* *A quick summary of the changes: - firewall policy configuration for network services - generate IPfilter rules from firewall policy - network service ...
Started 1 week, 1 day ago (2008-11-14 13:36:00)
by gfaden
Bart, In general I don't think that the existing RBAC implementation is the right architecture for implementing restrictive environments. The original goal was to configure administrative roles, not to confine ordinary users. However, I agree with your suggestion making it configurable whether the values of AUTHS_GRANTED and PROFS_GRANTED are appended to the respective ...
Started 3 weeks, 4 days ago (2008-10-29 08:48:00)
by carlsonj
Josh Hurst writes: > On 10/29/08, James Carlson wrote: > > The usage case is for processes that are attempting to use > > user-configured strings that may have been configured with a different > > level of privilege than the current process. It's an escalation threat. > > Use rksh to prevent this escalation thread. Creating a new API which > can't get even the basic ...
Started 6 days, 5 hours ago (2008-11-17 04:27:00)
by jjj
On 11/17/08 13:27, Darren Reed wrote: > This is likely to trip up a lot of people... I agree with your assessment that the current solution is not optimal. I'd rather have an installer that refuses to take an empty password for root. IMO it's ok to make it hard configure an insecure system. I'll take this up with the new-install folks, since most of the current installer ...
Started 1 week, 3 days ago (2008-11-12 10:33:00)
by jbk
I'm looking for reviewers for '6613349 setuid not allowed message could be more useful'. I've tested it on a b101 system without any issues. It's pretty straightforward (and small) -- just modifying the message to display the filesystem path (instead of the device number) and making it zone aware (which is why I included security-discuss and zones-discuss). The webrev is ...
Started 1 week, 4 days ago (2008-11-11 15:01:00)
by kjmcdona
The user_attr man page says: > The search order for multiple user_attr sources is specified > in the /etc/nsswitch.conf file, as described in the > nsswitch.conf(4) man page. The search order follows that > for passwd(4). My question is: If I have 'passwd: compat' and ;passwd_compat: nis' in /etc/nsswitch.conf, and '@NetGroup' in /etc/passwd...
Started 1 week, 5 days ago (2008-11-10 19:40:00)
by qc161282
Chris Ridd wrote: > > On 10 Nov 2008, at 05:16, Jeff Cai wrote: > >> I didn't find the bug id from the community. But I really find it not >> reproducible after upgrading to gnome-keyring 2.24.0. > > I'm still seeing the problem in build 100a. gnome-keyring 2.24.0 should be in snv_101a. Jeff > > Cheers, > > Chris _______________________________________________ security-...
Started 2 weeks, 3 days ago (2008-11-06 09:17:00)
by janp
On Thu, 6 Nov 2008, Chris Ridd wrote: >Apologies to those of you also on indiana-discuss, who'll get this >twice :-( > >Since about build 99, I've been getting some unexpected failures when >sshing from an OpenSolaris machine to another machine using a >different username, eg user@remote. hi Chris, there were some changes in snv_99 wrt SunSSH (PKCS#11 support) but this ...
|
|
Hot threads for last week on helpList for discussing difficulties in getting, building and installingOpenSolaris. 37,064 486 / 1,476 Dec 3, 2006 5:04 PMby: jwoehr ::
Started 2 days, 4 hours ago (2008-11-21 05:04:00)
by darrenm
I discovered the announcement of a module to make Apache OpenSolaris privileges(5) aware. I haven't played with this yet but the description alone sounds very useful. http://www. mail-archive.com/dev at httpd dot apache dot org/msg42159.html Seems like the same type of change could be used to have different TX labels too. -- Darren J Moffat ...
Started 1 week, 1 day ago (2008-11-14 13:36:00)
by gfaden
Bart, In general I don't think that the existing RBAC implementation is the right architecture for implementing restrictive environments. The original goal was to configure administrative roles, not to confine ordinary users. However, I agree with your suggestion making it configurable whether the values of AUTHS_GRANTED and PROFS_GRANTED are appended to the respective ...
Started 6 days, 5 hours ago (2008-11-17 04:27:00)
by jjj
On 11/17/08 13:27, Darren Reed wrote: > This is likely to trip up a lot of people... I agree with your assessment that the current solution is not optimal. I'd rather have an installer that refuses to take an empty password for root. IMO it's ok to make it hard configure an insecure system. I'll take this up with the new-install folks, since most of the current installer ...
Started 3 weeks, 4 days ago (2008-10-29 08:48:00)
by carlsonj
Josh Hurst writes: > On 10/29/08, James Carlson wrote: > > The usage case is for processes that are attempting to use > > user-configured strings that may have been configured with a different > > level of privilege than the current process. It's an escalation threat. > > Use rksh to prevent this escalation thread. Creating a new API which > can't get even the basic ...
Started 2 days, 3 hours ago (2008-11-21 06:08:00)
by danmcd
> We have changes for the OpenSolaris CIFS client that > implement SMB > "signing". For an Overview of SMB signing, see: > http://support.microsoft.com/kb/887429 You really should also put this on security-discuss. In fact, I think I'll do that now! Security-discuss folks, please follow this link: http://www.opensolaris.org/jive/thread.jspa?thread ID=83064 to ...
Started 1 month ago (2008-10-19 02:49:00)
by tnguien
This is for 6761070 PSARC 2008/580 Solaris host-based firewall * *The webrev and the new event message are respectively at: http://cr.opensolaris.org/~tonyn/firewall/ http://cr.opensolaris.org/~tonyn/firewall/8000-R4* *A quick summary of the changes: - firewall policy configuration for network services - generate IPfilter rules from firewall policy - network service ...
|
|
Size: 711 bytes
