Security
Theo de Raadt requests cryptotest.c to be removed
Theo de Raadt has pointed out that the /dev/crypto testing program in FreeBSD, like in NetBSD, was derived from a test program which he never published with a free license. It has now been deleted from the NetBSD tree as well.
DragonflyBSD tcp_input.c fix merged!!
Big news! After about four months Jeffrey Hsu has finally merged his fix of RFC3042 to FreeBSD!
I have posted this in the “Security” category because this is potentially a remotely exploitable security issue (DoS maximum).
qmail remote vulnerability?
Today someone posted a patch to qmail 1.0.3 and pointed this out.
I have a quick patch for this issue; I hope it’s correct.
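Fixed that legendary security issue
That security issue was... I once let this blog log in to mysql as root.
"What, you actually allow a service to log in to the database as root?"
Maybe this is a bit paranoid, but not letting it log in as root at least lets me sleep soundly :)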