Re: Turning off SELINUX
by Reindl Harald
Am 06.09.2013 00:35, schrieb Javier Perez:
> > I know it is a long shot and a lot of paranoid-think, after all, if I have to depend on SELinux to defend my system
> > from external breaches, I am F*ck up already.
>
> says who?
>
> I say so, based on my current knowledge of how to defend your system from external threats
but your knowledge is very little it seems
> If your ONLY defense left is SELinux then one is quite naked to the world with only one
> last fig leaf to protect you :)
uneducated and wrong guess - SELinux is not your only defense - it is the last resort by design
> Although I think you answered this line too fast, taking that line out of context, given the explanation I gave in
> the next paragraph.
no my daily job is security based on knowledge and not on uneducated guesses
> > Attackers should first have to breach the firewall and then obtain some sort of user access
>
> *what* has a firewall to do with a potential buffer overflow in running code
> resulting in executing injected code on your system - that's what SELinux is about
>
> may i suggest to learn basics about the different layers of an operating system
> before reading random completely unrelated articles and spreading FUD based on them
> without understanding what they are talking about?
>
>
> Again, I think I am not explaining properly my thoughts. In this paragraph I am talking of the total security of
> the system and the different layers an attacker would have to peel before pawning the system, not of SELinux alone.
again: SElinux is the *last resort*
> > then trick the system to escalate it to a root access before SELinux comes into play
>
> may i suggest to learn how SElinux works
> it is supposed to prevent exactly this
>
>
> And that is my point exactly. If as the article has said, NSA is spending millions to compromise security systems,
> how sure are we that there isn't something in the code that allows them to bypass the protection that SELinux
> promises to confer? Before the article, I'd agree with you, "FUDmongering". After it, I wonder.
> BTW, thanks for the correction, I was forgetting once an attacker gets root, you are pawned. I was wondering at the
> wrong level :)
anything not proven by facts is FUD
> > But again, It is good to know that all links in the chain to being pawned
> > are good and strong before trusting them, and this article certainly throws
> > some mud to whatever contribution NSA has made to any security system
>
> without any specified background it is uneducated FUD
> not more and not less
>
> As I said, before the article I would agree with you. But after reading it, I just wonder if there is any Achilles
> heel in the armor
if you only would understand how stupid your whole argumentation is
* SELinux is opensource
* it is part of the kernel
* it is reviewed by a lot of people outside the USA
* if you do not trust these people you must not trust the rest of the kernel
well, and in this case use Windows or OSX
but wait, both are closed source and US companies
so who do you trust more - USA closed source, not reviewed
or opensource widely reviewed?
none of them? well then shut down your computer at all
10 years, 7 months
VMware install problem -
by Bob Goodwin
The trial version of VMware Workstation 9 expired last night. I bought
a new version but after the expiration I found it would not accept an
entry for a new key so I ran the vmware uninstall app. and installed the
new one from scratch. It starts but only runs to the point where I get
the message:
VMware kernel module updater
Before you can run VMware, several modules must be compiled and
installed in the running kernel.
Cancel - Install
I click on install and that does nothing.
Starting vmware from the command line produces the following errors:
[root@box10 bobg]# cat /tmp/vmware-root/vmware-modconfig-6296.log
.............. Snip ........
2013-09-05T12:32:39.424-05:00| vthread-3| I120: The header path
"/lib/modules/3.10.10-200.fc19.x86_64/build/include" for the kernel
"3.10.10-200.fc19.x86_64" is valid. Whoohoo!
2013-09-05T12:32:39.424-05:00| vthread-3| I120: The GCC version matches
the kernel GCC minor version like a glove.
2013-09-05T12:32:39.426-05:00| vthread-3| I120: Validating path
"/lib/modules/3.10.10-200.fc19.x86_64/build/include" for kernel release
"3.10.10-200.fc19.x86_64".
2013-09-05T12:32:39.426-05:00| vthread-3| I120: Failed to find
/lib/modules/3.10.10-200.fc19.x86_64/build/include/linux/version.h
2013-09-05T12:32:39.426-05:00| vthread-3| I120:
/lib/modules/3.10.10-200.fc19.x86_64/build/include/linux/version.h not
found, looking for generated/uapi/linux/version.h instead.
2013-09-05T12:32:39.445-05:00| vthread-3| I120: Preprocessed
UTS_RELEASE, got value "3.10.10-200.fc19.x86_64".
2013-09-05T12:32:39.445-05:00| vthread-3| I120: The header path
"/lib/modules/3.10.10-200.fc19.x86_64/build/include" for the kernel
"3.10.10-200.fc19.x86_64" is valid. Whoohoo!
2013-09-05T12:32:39.445-05:00| vthread-3| I120: The GCC version matches
the kernel GCC minor version like a glove.
2013-09-05T12:32:39.446-05:00| vthread-3| I120: Using temp dir "/tmp".
2013-09-05T12:32:39.449-05:00| vthread-3| I120: Invoking modinfo on "vmnet".
2013-09-05T12:32:39.455-05:00| vthread-3| I120: "/sbin/modinfo" exited
with status 256.
2013-09-05T12:32:39.455-05:00| vthread-3| I120: Invoking modinfo on
"vmblock".
2013-09-05T12:32:39.462-05:00| vthread-3| I120: "/sbin/modinfo" exited
with status 256.
2013-09-05T12:32:39.577-05:00| vthread-3| I120: Setting destination path
for vmnet to "/lib/modules/3.10.10-200.fc19.x86_64/misc/vmnet.ko".
2013-09-05T12:32:39.577-05:00| vthread-3| I120: Extracting the vmnet
source from "/usr/lib/vmware/modules/source/vmnet.tar".
2013-09-05T12:32:39.593-05:00| vthread-3| I120: Successfully extracted
the vmnet source.
2013-09-05T12:32:39.594-05:00| vthread-3| I120: Building module with
command "/bin/make -j4 -C /tmp/modconfig-2ncGE1/vmnet-only auto-build
HEADER_DIR=/lib/modules/3.10.10-200.fc19.x86_64/build/include
CC=/bin/gcc IS_GCC_3=no"
2013-09-05T12:32:41.285-05:00| vthread-3| W110: Failed to build vmnet.
Failed to execute the build command.
2013-09-05T12:32:41.290-05:00| vthread-3| I120: Setting destination path
for vmblock to "/lib/modules/3.10.10-200.fc19.x86_64/misc/vmblock.ko".
2013-09-05T12:32:41.290-05:00| vthread-3| I120: Extracting the vmblock
source from "/usr/lib/vmware/modules/source/vmblock.tar".
2013-09-05T12:32:41.305-05:00| vthread-3| I120: Successfully extracted
the vmblock source.
2013-09-05T12:32:41.306-05:00| vthread-3| I120: Building module with
command "/bin/make -j4 -C /tmp/modconfig-2ncGE1/vmblock-only auto-build
HEADER_DIR=/lib/modules/3.10.10-200.fc19.x86_64/build/include
CC=/bin/gcc IS_GCC_3=no"
2013-09-05T12:32:43.232-05:00| vthread-3| W110: Failed to build
vmblock. Failed to execute the build command.
Perhaps someone has experience with VMware and can make a suggestion?
Bob
--
http://www.qrz.com/db/W2BOD
box10 Fedora-19 Linux/XFCE
10 years, 7 months
run script when USB serial device unplugged?
by Tom Horsley
So I'm reading about udev and have this script that
does correctly run when I plug in my solidoodle printer:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0483", RUN+="/usr/local/bin/solidoodle-connect"
I see an ACTION="add" environment variable inside the
script which gets run.
But, when I unplug the device, the script is not run and
I never see an ACTION="remove".
Anyone know how to notice when a USB device is removed?
10 years, 7 months
A Question On Fedora Libcurl Performance
by Thomas Dineen
Gentle People:
While I thought that this was initially a libcurl problem it may be a DNS or other Fedora problem. This explains the Fedora User Group post.
I am using libcurl and some of Curl Website example code as calling routines for a multi-platform project where a webpage is read from finance.yahoo.com.
Everything works as expected on Solaris 10 and MS Windows, delivering excellent performance reading a web page.
Now when I perform the exact same access on Fedora 14 the read performance is very slow. When the read access is executed by sending the URL there seems to be a pause of one or two minutes to get a response. In the end there is always a correct response but the delay is unacceptable.
For both Solaris 10 and Fedora 14 the native gcc is used to build the project, and for Windows the Mingw Cross Environment with gcc is used. There are varying versions of gcc used. See below.
Please note that the exact same source code and make file is used in the build in all three environments.
Also the libcurl version varies in all three environments. However this morning I updated the Fedora 14 environment to the libcurl newest version 7.32 and the performance did not improve.
From Rich Grey:
Could this be a server/DNS problem? I've seen long delays like this
when telnetting to a server which tries to do a reverse DNS lookup on
the connecting client and fails. After the lookup timeout, which can
be minutes, the login: prompt finally appears and the session proceeds
normally.
Please note the attached Read_Yahoo.c function that I use for the web page read.
Please note that I can post more information if requested.
- Solaris 10
gcc -dumpversion
3.4.6
- Fedora 14
gcc -dumpversion
4.5.1
Windows Mingw Cross Environment:
gcc -dumpversion
4.5.1
Thomas Dineen
10 years, 7 months
how long (repo update)
by Martin S
does it usually take for repos to catch up with releases?
Just recently it was announced that Choqok 1.4 contains
"Support for Twitter API v1.1 (Thanks to Daniel Kreuter for
his effort on it)"
Currently what is in the repo is 1.3, therefore the question.
Just curious.
/M.
10 years, 7 months
Re: add to favorites
by Patrick Dupre
> ----- Original Message -----
> From: Roger
> Sent: 09/05/13 11:02 AM
> To: users(a)lists.fedoraproject.org
> Subject: Re: add to favorites
>
> Hi Patrick
> have a look at this link, I used it to Fedora 16 but not since.
> http://fedoraproject.org/en/using/tutorials/launcher.html
> I've forgotten how to include one's own icon, Did it in the past but not
> lately tho!
> Oh yes, -- click on the springy thing icon in the dialog and you can
> select your own icon from there but I think icons have to be in
> /usr/share/icons/some_folder/probably/fedora
> Are you using Fedora 19 or earlier?
Hi Roger,
Fedora 18 and 19. In Fedora 16, it was easy!
> Roger
> > OK,
> >
> > Additional question,
> > How can I add my own launcher? or modify an existing favorite?
> >
> > Thank.
> >
> >> On 09/05/2013 07:53 AM, Patrick Dupre wrote:
> >>> Hello,
> >>>
> >>> In fedora 19, how can I add an application launcher to the favorites menu?
> >>>
> >>> Thank.
> >>>
> >>>
> >> Call it up from <Menu> by entering the name in the search field, when
> >> the Icon appears right click on it and click <Add to panel>
> >> Cheers
> >> Roger
> >> --
> >> users mailing list
> >> users(a)lists.fedoraproject.org
> >> To unsubscribe or change subscription options:
> >> https://admin.fedoraproject.org/mailman/listinfo/users
> >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> >> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> >> Have a question? Ask away: http://ask.fedoraproject.org
> >
> > ===========================================================================
> > Patrick DUPRÉ | | email: pdupre(a)gmx.com
> > Laboratoire de Physico-Chimie de l'Atmosphère | |
> > Université du Littoral-Côte d'Opale | |
> > Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
> > 189A, avenue Maurice Schumann | | 59140 Dunkerque, France
> > ===========================================================================
>
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
10 years, 7 months
Re: add to favorites
by Patrick Dupre
OK,
Additional question,
How can I add my own launcher? or modify an existing favorite?
Thank.
> On 09/05/2013 07:53 AM, Patrick Dupre wrote:
> > Hello,
> >
> > In fedora 19, how can I add an application launcher to the favorites menu?
> >
> > Thank.
> >
> >
> Call it up from <Menu> by entering the name in the search field, when
> the Icon appears right click on it and click <Add to panel>
> Cheers
> Roger
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
10 years, 7 months
how can i make restart not require root password
by jehan procaccia
hello,
I've got hundred of fedora19 station installed on computer lab for our students.
these are self service multi-user stations, users need to restart the station whenever they want to
unfortunately apparently "polkit" prevents them from restarting when another user is (or had been ?) connected .
I know it is a safe behavior, but we definitely want to enable users to restart the station themselves whenever they want to, but without requiring the root password !
indeed, often students leave the room without disconnecting (bad !) , then the screen locks but still allows someone else to connect, but that second student then cannot restart :-( .
I've tried lot of things:
http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-a...
apparently .pkla files are deprecated, and I confirmed that creating a /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla containing Action=org.freedesktop.consolekit.system.restart-multiple-users AllowActive=yes doesn't work
then, from #fedora IRC I've been proposed to create rules in /etc/polkit-1/rules.d :
http://paste.fedoraproject.org/36844/
[root@b06-02 rules.d]# cat 00-early-checks.rules
/* Allow shutdown when others are logged in */
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.consolekit.system.stop-multiple-users" ||
        action.id == "org.freedesktop.consolekit.system.restart-multiple-users") {
        return polkit.Result.YES;
    }
});
it still fails, when a user clicks on their username on the top right corner of the gnome-session, scrolls down to shutdown, then clicks restart, a window appears warning that there are other users connected and that "authentification is required for rebooting the system while other users are logged in", and ends by asking to enter the "Administrator" password :-(
Where can I remove that "feature" ?
Thanks
10 years, 7 months
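Added example, not part of the original post and not polkit's own code: a rules.d rule for the restart case above that grants the action only to local, active sessions instead of to every subject. It assumes the desktop's request is authorized under systemd-logind's org.freedesktop.login1.* action ids rather than the ConsoleKit ids; the `polkit` stand-in and the `decide` helper are constructed so the logic can be checked under Node, and only `LAB_ACTIONS`, `allowLabRestart` and the `polkit.addRule` call belong in a file under /etc/polkit-1/rules.d.

```javascript
// Constructed stand-in for the global `polkit` object that polkitd provides,
// so the rule can be exercised offline under Node. Not needed in rules.d.
var registered = [];
if (typeof polkit === "undefined") {
  globalThis.polkit = {
    Result: { YES: "yes", NOT_HANDLED: "not_handled" },
    addRule: function (fn) { registered.push(fn); }
  };
}

// Assumption: the desktop asks systemd-logind, so these are the action ids
// polkit sees (not the org.freedesktop.consolekit.* ids).
var LAB_ACTIONS = [
  "org.freedesktop.login1.reboot",
  "org.freedesktop.login1.reboot-multiple-sessions",
  "org.freedesktop.login1.power-off",
  "org.freedesktop.login1.power-off-multiple-sessions"
];

// Grant only to a session that is at the machine (local) and in the
// foreground (active); remote logins fall through to the default policy.
function allowLabRestart(action, subject) {
  if (LAB_ACTIONS.indexOf(action.id) !== -1 &&
      subject.local && subject.active) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
}
polkit.addRule(allowLabRestart);

// Hypothetical helper for offline checks: the first rule that returns a
// decision wins, otherwise the request is left to the default policy.
function decide(actionId, subject) {
  for (var i = 0; i < registered.length; i++) {
    var r = registered[i]({ id: actionId }, subject);
    if (r && r !== polkit.Result.NOT_HANDLED) { return r; }
  }
  return polkit.Result.NOT_HANDLED;
}
```

On a live system, `pkaction --verbose --action-id org.freedesktop.login1.reboot-multiple-sessions` shows whether that action is registered and what its default policy is.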
Re: add to favorites
by Patrick Dupre
Very good,
Thank you.
> ----- Original Message -----
> From: Roger
> Sent: 09/05/13 01:17 AM
> To: users(a)lists.fedoraproject.org
> Subject: Re: add to favorites
>
> On 09/05/2013 07:53 AM, Patrick Dupre wrote:
> > Hello,
> >
> > In fedora 19, how can I add an application launcher to the favorites menu?
> >
> > Thank.
> >
> >
> Call it up from <Menu> by entering the name in the search field, when
> the Icon appears right click on it and click <Add to panel>
> Cheers
> Roger
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
10 years, 7 months
add to favorites
by Patrick Dupre
Hello,
In fedora 19, how can I add an application launcher to the favorites menu?
Thank.
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
10 years, 7 months