loongson.html diff

2010-03-12 Thread Tyler Johnson
It appears lemote.com reorganized their website... updated URLs for the loongson.html page. Index: loongson.html === RCS file: /cvs/www/loongson.html,v retrieving revision 1.24 diff -u -p -r1.24 loongson.html --- loongson.html

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Stuart Henderson
On 2010/03/13 03:19, Ozgur Kazancci wrote: > > Yes we are, while we are at it we can ship an http.conf file that will > > only listen on port 8000 on localhost when the daemon comes up as > > well, and that would be super obscure as well, and it would only read > > index files ending in .HolyFuck, a

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 19:21 -0700, "Theo de Raadt" wrote: > > On Fri, 12 Mar 2010 18:25 -0700, "Theo de Raadt" > > wrote: > > > That's a lot of words. > > > > > > The default configuration is not going to be changed in this way. > > > > To be honest, my patch is selfish. I get perfect vulnerabili

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Theo de Raadt
> On Fri, 12 Mar 2010 18:25 -0700, "Theo de Raadt" > wrote: > > That's a lot of words. > > > > The default configuration is not going to be changed in this way. > > To be honest, my patch is selfish. I get perfect vulnerability > assessment scores on OpenBSD boxes when doing vulnerability scans

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 18:25 -0700, "Theo de Raadt" wrote: > That's a lot of words. > > The default configuration is not going to be changed in this way. To be honest, my patch is selfish. I get perfect vulnerability assessment scores on OpenBSD boxes when doing vulnerability scans until I enable A

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Theo de Raadt
> > Yes we are, while we are at it we can ship an http.conf file that will > > only listen on port 8000 on localhost when the daemon comes up as > > well, and that would be super obscure as well, and it would only read > > index files ending in .HolyFuck, and we'd ship a mime types > > where HolyFuc

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Ozgur Kazancci
> Yes we are, while we are at it we can ship an http.conf file that will > only listen on port 8000 on localhost when the daemon comes up as > well, and that would be super obscure as well, and it would only read > index files ending in .HolyFuck, and we'd ship a mime types > where HolyFuck was html

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 16:44 -0700, "Bob Beck" wrote: > What in god's name do you need sshv1 for anymore? What client are you > using that still > uses it? how old and vulnerable is it? That was my hyperbole... remember? Apache 1.3.x anyone? Brad

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Bob Beck
> Turn SSHv1 back on please why do you force me to twist that knob! That's > some hyperbole of my own ;) Alright, I give up. Turning the option off > manually works for me. I don't want or need it and I assumed other > OpenBSD folks would feel the same. Not being able to get directory indexes of m

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Bob Beck
> Apache comes up and works fine with Indexes off (for me at least). > Well, having indexes on is much nicer for having it do things like, install OpenBSD from.

Re: suggested patch to httpd.conf in base

2010-03-12 Thread J.C. Roberts
On Fri, 12 Mar 2010 16:17:51 -0700 Bob Beck wrote: > Off is off. don't make it where you have to turn 8 knobs to turn > something on. because you wanted it "more off". Alternatively, you could make the user turn 8 knobs to turn something "moron" ;) (sorry, couldn't resist)

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 16:17 -0700, "Bob Beck" wrote: > >> > >> It *IS* off by default. I have yet to see an OpenBSD machine that I > >> can install that > >> will come up with httpd turned on. > > > > We are not talking about the same thing. I understand that httpd is off > > by default. The *optio

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Bob Beck
>> It *IS* off by default. I have yet to see an OpenBSD machine that I >> can install that >> will come up with httpd turned on. > > We are not talking about the same thing. I understand that httpd is off > by default. The *option* is on by default in the config file. > Yes we are, while we are a

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Theo de Raadt
> On Fri, 12 Mar 2010 16:05 -0700, "Bob Beck" wrote: > > On 12 March 2010 12:53, Brad Tilley wrote: > > > On Fri, 12 Mar 2010 10:10 -0800, "patrick keshishian" > > > wrote: > > >> does disabling this option /really/ improve security? > > > > > > No, not unless you consider keeping files that are

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 16:05 -0700, "Bob Beck" wrote: > On 12 March 2010 12:53, Brad Tilley wrote: > > On Fri, 12 Mar 2010 10:10 -0800, "patrick keshishian" > > wrote: > >> does disabling this option /really/ improve security? > > > > No, not unless you consider keeping files that are > > inappropr

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Bob Beck
On 12 March 2010 12:53, Brad Tilley wrote: > On Fri, 12 Mar 2010 10:10 -0800, "patrick keshishian" > wrote: >> does disabling this option /really/ improve security? > > No, not unless you consider keeping files that are > inappropriately/accidentally copied to these directories a security > issue

Re: faq14.html

2010-03-12 Thread J.C. Roberts
Now that the big changes have been seen together so they make more sense, I've broken the changes into smaller, more manageable chunks. As usual, only Nick will the stripped attachments, but you can access them from my server. The diffs need to be applied in order. I started with the current (as o

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Ted Unangst
On Fri, Mar 12, 2010 at 3:28 PM, wrote: >> Very good suggestion, indeed. >> >> Especially, if someone has a 'dangerous' file, a PHP Shell for instance, >> (a perfect example: >> http://mgeisler.net/downloads/phpshell/phpshell-1.7.tar.gz) >> inside such a directory. (Or even maybe a simple file u

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Ozgur Kazancci
> Also, think "emacs-turdfile". Have any config.php~ lying around? > > or index.php~? > > Are you SURE? > Sorry for the lack of explanation. I was meaning a server where you've thousands of vhosts/users exist. Yes, you can disable the indexing. Yes, you can activate the PHP's safe_mode, but...

Re: suggested patch to httpd.conf in base

2010-03-12 Thread kjell
> Very good suggestion, indeed. > > Especially, if someone has a 'dangerous' file, a PHP Shell for instance, > (a perfect example: > http://mgeisler.net/downloads/phpshell/phpshell-1.7.tar.gz) > inside such a directory. (Or even maybe a simple file uploader, that will > help the attacker to uplo

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Miod Vallat
> > It seems in line with OpenBSD's off by default posture, that is > > the only reason I suggested it. > > Very good suggestion, indeed. > > Especially, if someone has a 'dangerous' file, a PHP Shell for instance, Anything PHP is dangerous. But there is a perfect cure for these files, known as t

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Ozgur Kazancci
> It seems in line with OpenBSD's off by default posture, that is > the only reason I suggested it. Very good suggestion, indeed. Especially, if someone has a 'dangerous' file, a PHP Shell for instance, (a perfect example: http://mgeisler.net/downloads/phpshell/phpshell-1.7.tar.gz) inside such a d

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
On Fri, 12 Mar 2010 10:10 -0800, "patrick keshishian" wrote: > does disabling this option /really/ improve security? No, not unless you consider keeping files that are inappropriately/accidentally copied to these directories a security issue. It seems in line with OpenBSD's off by default posture,

Re: suggested patch to httpd.conf in base

2010-03-12 Thread Bob Beck
Nope. On 12 March 2010 11:10, patrick keshishian wrote: > does disabling this option /really/ improve security? > > > On Fri, Mar 12, 2010 at 9:41 AM, Brad Tilley wrote: >> When run against default OpenBSD servers that have Apache enabled, >> vulnerability assessment software (Nessus, Rapid7, et

Re: suggested patch to httpd.conf in base

2010-03-12 Thread patrick keshishian
does disabling this option /really/ improve security? On Fri, Mar 12, 2010 at 9:41 AM, Brad Tilley wrote: > When run against default OpenBSD servers that have Apache enabled, > vulnerability assessment software (Nessus, Rapid7, etc.) complain about > "browsable web directories". The concern is

suggested patch to httpd.conf in base

2010-03-12 Thread Brad Tilley
When run against default OpenBSD servers that have Apache enabled, vulnerability assessment software (Nessus, Rapid7, etc.) complain about "browsable web directories". The concern is that someone may accidentally place inappropriate files in the web directories that will then be visible to others.

bsd.dep.mk: suggested change

2010-03-12 Thread Toni Mueller
Hello, I'd like "make tags" to be more verbose. Esp. I'd like to see data structures and macros being included: Index: bsd.dep.mk === RCS file: /cvs/src/share/mk/bsd.dep.mk,v retrieving revision 1.8 diff -u -r1.8 bsd.dep.mk --- bsd.
