The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: L0pht Advisory: IMAP4rev1 imapd server (fwd)



In this case, it becomes much more difficult to debug setuid or setgid
programs.  Perhaps this option should be configurable at kernel
compile time, or better yet, by the administrator at runtime?

bruce@pixar.com (Bruce Perens) writes:

> The problem is that the program has read the shadow password file into
> its address space, and then has then dropped root privileges before it
> dumps core. So it might create a core file that is readable by something
> else than root.
> 
> The solution is for the kernel to not drop core for a process that has
> changed its real or effective UID or GID.
> 
> 	Bruce
> -- 
> Can you get your operating system fixed when you need it?
> Linux - the supportable operating system. http://www.debian.org/support.html
> Bruce Perens K6BP   bruce@debian.org   NEW PHONE NUMBER: 510-620-3502
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-private-request@lists.debian.org . 
> Trouble?  e-mail to templin@bucknell.edu .
> 

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | Debian GNU/Linux is a free replacement for
jgoerzen@complete.org | DOS/Windows -- check it out at www.debian.org.
----------------------+----------------------------------------------
Notice: You may purchase the right to send me unsolicited commercial e-mail
("spam") for the fee of $500 (USD) per message.  Billing can be either
pre-arranged or can occur automatically after the reception of a spam.
Failure to pay will be treated in accordance to US Code, title 47, sec. 227,
which allows unsolicited e-mail to be punishable by action to recover actual
monetary loss or $500, whichever is greater, per violation.  Sending spam
to me without payment constitutes unauthorized access to my mail daemon,
which is in violation of federal law.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .