[Bug 1336125] Re: Preload should be compiled with security flags

2014-07-07 Thread Colin O'Brien
If someone wants to try benchmarking/doing some sort of a 'does this feel slower' test in order to make a decision, by all means. I personally have not noticed any difference with my system having it removed, but that's just me. Removing the code is obviously the most effective way to remove the a

[Bug 1336125] Re: Preload should be compiled with security flags

2014-07-01 Thread Colin O'Brien
** Also affects: preload (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1336125 Title: Preload should be compiled with security flags To manage n

[Bug 1094789] Re: Pulseaudio Profile

2013-01-12 Thread Colin O'Brien
I hadn't realized that pulseaudio was no longer setuid, I'm just out of date I suppose haha. If it's not setuid there's less of a need for such strict rules, and using an abstraction may be ok. But wouldn't it simply be enough to use: @{multiarch} ? I apologize for taking so long to reply. If /b

[Bug 1094789] Re: Pulseaudio Profile

2013-01-12 Thread Colin O'Brien
It also requires the setuid permission. I thought that it dropped its privileges? Because it, apparently, needs quite a number of capabilities, including setuid.

[Bug 1094789] Re: Pulseaudio Profile

2013-03-15 Thread Colin O'Brien
I see it's changed to expired. If it would help move things along, I can rewrite this profile with /base and remove redundant entries. At that point anyone willing to simply test it can do so, but it should simply work. I'm still unsure about the capabilities, as is *requested* those capabilities

[Bug 1094789] Re: Pulseaudio Profile

2013-03-15 Thread Colin O'Brien
His is cleaner, and would work on more systems since he uses abstractions. If Pulseaudio isn't setUID then it should be fine, since being so tight shouldn't be necessary.

[Bug 1094789] [NEW] Pulseaudio Profile

2012-12-30 Thread Colin O'Brien
Public bug reported: This profile works on 64bit, and is pretty restrictive. Maybe it'll be of use for someone? I tested it on Ubuntu 12.10 64bit (it needs 32bit variables, naturally) and I can play sound from my browser and videos just fine. It's setuid so it obviously needs a ton of capabiliti

[Bug 1186793] [NEW] Updating is over insecure connection

2013-06-02 Thread Colin O'Brien
Public bug reported: Relying on signatures is silly. It gives attackers much more control over a situation, and we already know that this *doesn't work* when weak signatures like MD5 are used (see Flame hash collision). Is the average user going to get attacked this way, with a collision? Maybe no

[Bug 1186793] Re: Updating is over insecure connection

2013-06-02 Thread Colin O'Brien
I tried assigning ia32-apt-get but it says it isn't a package in Ubuntu.

[Bug 1186793] Re: Updating is over insecure connection

2013-06-03 Thread Colin O'Brien
*** This bug is a duplicate of bug 247445 *** https://bugs.launchpad.net/bugs/247445 Like Chris Thompson said, completely different bug report. Not a duplicate.

[Bug 1186793] Re: Updating is over insecure connection

2013-06-04 Thread Colin O'Brien
** This bug is no longer a duplicate of bug 247445 Package managers vulnerable to replay and endless data attacks

[Bug 1183086] Re: Please update to 27.0.1453.110

2013-06-16 Thread Colin O'Brien
Either leave it out of the repositories or keep it updated with at least security backports. Anything else is negligent and encouraging users to install *known insecure* software.