Domain: gratisoft.us
Stories and comments across the archive that link to gratisoft.us.
Comments · 16
-
Re:Open Source License
There is only one tiny bit that you can't modify.
One tiny bit?
t is not possible to replace the kernel on a Series2 TiVo since the PROM requires that the kernel be cryptographically signed with a key from TiVo
http://www.gratisoft.us/tivo/bigdisk.html
The kernel is "one tiny bit"?
-
Sudo + LDAP + Plugins
I don't see why you cannot properly scale Sudo via LDAP: http://www.gratisoft.us/sudo/man/1.8.1/sudoers.ldap.man.html I also believe some of the functionality described by the article can be achieved via the Plugin API introduced in Sudo 1.8.1: http://www.gratisoft.us/sudo/man/1.8.1/sudo_plugin.man.html
-
Sudo + LDAP + Plugins
I don't see why you cannot properly scale Sudo via LDAP: http://www.gratisoft.us/sudo/man/1.8.1/sudoers.ldap.man.html I also believe some of the functionality described by the article can be achieved via the Plugin API introduced in Sudo 1.8.1: http://www.gratisoft.us/sudo/man/1.8.1/sudo_plugin.man.html
-
Re:Feature, not a bug.
-
They didn't patent sudo. Read the patent.
They're trying to patent what sudo does with a GUI interface.
Systems and/or methods are described that enable a user to elevate his or her rights. My 2 plus year old Mac did that when I got it. "Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo."
Falcon
-
sudo precedes Linux
"sudo" as in "run a single command as root and furthermore examine the commands before running them and restrict them to a set, and furthermore examine the user trying to run sudo to select the restricted set" was developed after Linux was popular.
I seem to recall using it long before Linux appeared.
http://www.gratisoft.us/sudo/history.html
http://www.gratisoft.us/sudo/readme.html
Unless there's some nuance in your quote that I'm missing.
BTW - gratisoft.us appears to mirror sudo.ws
-
sudo precedes Linux
"sudo" as in "run a single command as root and furthermore examine the commands before running them and restrict them to a set, and furthermore examine the user trying to run sudo to select the restricted set" was developed after Linux was popular.
I seem to recall using it long before Linux appeared.
http://www.gratisoft.us/sudo/history.html
http://www.gratisoft.us/sudo/readme.html
Unless there's some nuance in your quote that I'm missing.
BTW - gratisoft.us appears to mirror sudo.ws
-
Re:Windows 7 Supporter
UAC is essentially identical in concept and implementation to sudo
No. It's not. UAC is expressly designed to shift the responsibility for security onto the user. "Are you sure?" User clicks yes and Microsoft has shifted accountability to the user. It is brilliant in an evil way.
(albeit somewhat more automated and intelligent).
helloworld.c is automated and intelligent too. That doesn't make it equivalent to sudo. Please stop trolling.
-
Re:Even for dedicated servers, it's hard
There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup.
Uh, Sudo?
-
Re:software engineering != computer scienceI don't advocate protecting the programmer from him/herself.
I do advocate designing primitives as essential to the language as the C string functions to powerfully remind the programmer using those functions of the programmer's logical obligations and support the programmer to reason correctly about those obligations, without having to digest 15 lines of preceding context to see that calloc() provided the implied terminating NUL.
strlcpy and strlcat - consistent, safe, string copy and concatenation by Todd C. Miller and Theo de Raadt, OpenBSD project There are several problems encountered when strncpy() and strncat() are used as safe versions of strcpy() and strcat(). Both functions deal with NUL-termination and the length parameter in different and non-intuitive ways that confuse even experienced programmers. They also provide no easy way to detect when truncation occurs. Finally, strncpy() zero-fills the remainder of the destination string, incurring a performance penalty. Of all these issues, the confusion caused by the length parameters and the related issue of NUL-termination are most important. When we audited the OpenBSD source tree for potential security holes we found rampant misuse of strncpy() and strncat(). While not all of these resulted in exploitable security holes, they made it clear that the rules for using strncpy() and strncat() in safe string operations are widely misunderstood. An Interview with OpenBSD's Marc Espie We have had a lot of success explaining the issues and getting a lot of people to switch from strcpy/strcat to strlcpy/strlcat.
Weirdly enough, the Linux people are about the only major group of people that has constantly stayed deaf to these arguments. The chief opponent to strlcpy in glibc is most certainly Ulrich Drepper, who argues that good programmers don't need strlcpy, since they don't make mistakes while copying strings. This is a very mystifying point of view, since bugtraq daily proves that a lot of Linux and free software programmers are not that bright, and need all the help they can get. The original C strcpy() could just as easily have had the semantics of strlcpy(), with insane_strcpy() provided to copy strings/trash core without a cycle wasted.
One must recognize that in a solid code base, thinking occurs more often while reading code than writing code. Correctness is not a write-only proposition in any living code base.We came to the conclusion that a foolproof alternative to strncpy() and strncat() was needed, primarily to simplify the job of the programmer, but also to make code auditing easier.
The original C string functions were (and remain) a pedagodic disaster. Most beginning programmers failed to realized how much thinking had been folded into the surrounding context. If they were reading K&R, that thinking existed. If they were reading any code they had at hand, it likely hadn't, by any survey of average C code quality ten years later. With the original string functions, whether this careful thinking existed is not obvious without doing a lot of mental work, and that work has to be repeated *every time* the code is seriously reviewed.
Worst of all, the strcpy() function seemed to imply "buffer overflow is no great concern, we're not even going to give you a single argument on this very dangerous function to help you avert it". It was a false parsimony to save that extra argument in the default case.
This isn't at the level of whether the handgun has a safety or not. It's at the level of whether it is possible to chamber a round too large for the barrel. I can point the gun successfully, but I'd greatly prefer it not to detonate in any other direction.
A more thoughtful C string API would have averted mistakes on the magnitude of chambering bad ammunition, without encumbering the pointy end in the slightest, or failing to endanger the programmer's foot. -
Re:Vista is the Bizarro XP
When you first install Vista, you're doing a lot of that stuff pretty darn often, so it seems like the screens are never ending.
I'm surprised MS didn't complete their UAC "innovation" by imitating sudo's timestamp feature. From sudo's manpage:Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).
-
Re:for some strange reason
...regardless of the fact that Gentoo removed root logins or so for security purposes, the does not remove the possibility of escalated privileges for someone who shouldn't have them..
But then a sysadmin can always dictate who has sudo access and who doesn't.
And taking it a step further, sudo can also be tweaked to only allow certain commands for a particular user. -
a method for executing an elevated security proces
Is this one of the patent breeches. It sure sounds a lot like SUDO to me bit then again I've never been to lawyer school.
'Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo'
--
United States Patent 6,775,781 Aug 2004
Administrative security systems and methods
We claim: .. a method comprising:
.. executing an administrative security process under the administrative privilege level; -
Re:The only real problem of Linux is
Not even close. I can "sudo su" and I'm root. GP is asking for a good implementation of ACLs.
Heh, never thought I'd actually say this, but... RTFM
.sudo allows a user exactly as much or as little access as they've been granted by the root user. We used it widely to limit access to logged-in users on production machines to about 6 commands. Anything else had to be specifically authorised by Ops. I'd love to know how to get the same degree of control with as little effort on Windows servers.
-
The most common types of vulnerabilityFinding and fixing an individual vulnerability is necessary, but not that interesting. What's more important is to look at what kind of bug it is, see if it occurs elsewhere, and see what might be done to stop it happening in future. Often that means providing programmers with a safer mechanism that makes it harder to introduce bugs (or makes bugs that do creep in be harder to exploit). The OpenBSD project has justly become famous for this kind of auditing, for example, they found in auditing that copying of C-style strings often led to exploitable buffer overruns, and developed strlcpy() as a safer alternative.
So what does the Firefox list tell us?A large number of defects resulted from the code not checking for null after memory was allocated.
This could be fixed by using a memory allocation function that throws an exception on out-of-memory, rather than relying on the programmer to remember to check every call. If the programmer forgets to use a try/catch block to check for exceptions, the worst that happens is that the exception propagates upwards to a higher-level 'catch-all' routine.In addition, there were many cases where the return value of functions designed to return null were not checked prior to dereferencing.
Again, this shows that returning a special value such as null is not always the best thing to do. If it's likely that programmers will forget to check it (perhaps because null is only returned in error conditions, and doesn't occur during ordinary use), then an exception would be a better way to signal an error. It also lets you give more information about exactly what the error was; you can have different exceptions carrying different messages for different things that went wrong, but null is just null.
Hmm, but later on in TFA I see a comment from a Mozilla developer:With most of these tools the signal:noise ratio is very high. For example, most of these "dereferencing null" cases are either handled automatically by C++ template wrappers that do smart pointer management. Many of these "potential" memory leaks are handled automatically by XPCOM's refcounting.
So it looks like the Mozilla folk have already thought about these problems and done the Right Thing. -
sudo
Use sudo, http://www.gratisoft.us/sudo/ Oh Windows? Nevermind then.