#nixos-security on 2020-11-01

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:54 davidtwco has quit [Read error: Connection reset by peer]

00:55 davidtwco has joined #nixos-security

00:56 midchildan has quit [Ping timeout: 268 seconds]

00:57 midchildan has joined #nixos-security

02:04 ris has quit [Ping timeout: 240 seconds]

05:04 justanotheruser has quit [Ping timeout: 240 seconds]

05:40 rajivr has joined #nixos-security

05:57 LnL- has joined #nixos-security

05:58 LnL has quit [Ping timeout: 260 seconds]

09:09 FRidh has joined #nixos-security

09:31 spookyscarysphal is now known as sphalerite

10:00 FRidh has quit [Remote host closed the connection]

10:19 FRidh has joined #nixos-security

11:57 ris has joined #nixos-security

12:26 ninjin has quit [Ping timeout: 240 seconds]

12:29 ninjin has joined #nixos-security

12:41 <andi-> What do you folks think about https://samy.pl/slipstream/ ? Shall we do something? Is there even something we can do? I personally just disabled all the ALGs by default (https://github.com/andir/infra/commit/606d33a32c4e895c8cb702dd8d88e6cecc27ca68).

12:44 FRidh has quit [Remote host closed the connection]

12:45 <gchristensen> I'm not sure we really can do much

12:45 <andi-> Well we have in other cases also decided to set certain defaults.

12:46 <gchristensen> yeah

12:46 <andi-> Because those seem sane compared to the upstream defaults

12:46 <andi-> That is mostly what I am asking here

12:47 <gchristensen> it is a pretty clever exploit

12:48 <danderson> personal opinion: NATs are not security devices. Therefore, this hack is cool, but working as intended. End-host firewalls would stop this attack just fine.

12:49 <danderson> disabling ALGs by default on routers might help a little bit, but honestly it's more likely to generate bug reports that VoIP is brokn

12:50 <andi-> danderson: Yeah, I agree with that.

12:52 <andi-> I hope we see a few smart doormats with ransomware. Maybe that helps with awareness :D

13:02 FRidh has joined #nixos-security

14:15 zarco has joined #nixos-security

14:42 <__red__> concur

14:42 <__red__> the world needs more smart doormats

14:42 <__red__> :-)

14:57 tv has quit [Read error: Connection reset by peer]

15:15 tv has joined #nixos-security

15:55 <hexa-> https://github.com/NixOS/nixpkgs/pull/102359

15:55 <{^_^}> #102359 (by mweinelt, 20 seconds ago, open): openldap: add patch to fix nullptr dereference in slapd

16:49 FRidh has quit [Remote host closed the connection]

16:51 FRidh has joined #nixos-security

17:09 <pie_> nats are de facto security devices

17:10 <gchristensen> lol

17:10 <MichaelRaskin> st like red tape is de facto security device, it kind of separates an area, but never really protects it

17:11 <MichaelRaskin> *just

17:55 rajivr has quit [Quit: Connection closed for inactivity]

18:06 justanotheruser has joined #nixos-security

18:11 <__red__> There's no reason why I can't close duplicates right?

18:12 <__red__> as long as they cover the same CVEs / packages / repos

18:12 <pie_> maybe add a pointer to the other one

18:12 * pie_ is not a maintainer

18:16 <__red__> Right - that's what I was thinking

18:22 <hexa-> yes

18:23 <hexa-> in collaboration giving a "why" is very beneficial

18:30 <__red__> coolio

18:30 <__red__> I think I can knock a few off today then.

18:30 <__red__> bbiab

18:34 <hexa-> __red__++

18:34 <{^_^}> __red__'s karma got increased to 2

22:15 <__red__> hmm

22:15 <__red__> anyone know who/how/why only certain projects are listed in https://release-monitoring.org/distro/NixOS/?page=1

22:15 <__red__> ?

23:04 FRidh has quit [Ping timeout: 246 seconds]

23:18 MichaelRaskin has quit [Quit: MichaelRaskin]