Re: crontab(1) confused by su(1)?

2013-07-26 Thread Luca Ferrari 
On Wed, Jul 24, 2013 at 8:32 AM, Jan Stary h...@stare.cz wrote:

 Could someone please provide an example
 where su(1) confuses crontab(1)?

If I get it right the problem is not running crontab, rather modifying
the crontrab files.
In such case the following could be an example: I ask su(1) to become
another user without modifying the environment, therefore I'm another
user running in the same environment of the former (than there's a
privilege problem, of course). Crontab searches for the current uid
while I would like to see the old one.


% id
~
uid=1001(luca) gid=1001(luca) groups=1001(luca),0(wheel)
% su -m pgsql
~
% echo $USER
   ~
luca
% crontab -l
   ~
crontab: no crontab for pgsql


However I could have totally missed the point...but it's an interesting one.

Luca

Re: crontab(1) confused by su(1)?

2013-07-26 Thread Jan Stary 
On Jul 26 08:42:52, fluca1...@infinito.it wrote:
 On Wed, Jul 24, 2013 at 8:32 AM, Jan Stary h...@stare.cz wrote:
 
  Could someone please provide an example
  where su(1) confuses crontab(1)?
 
 If I get it right the problem is not running crontab, rather modifying
 the crontrab files.
 In such case the following could be an example: I ask su(1) to become
 another user without modifying the environment, therefore I'm another
 user running in the same environment of the former (than there's a
 privilege problem, of course). Crontab searches for the current uid
 while I would like to see the old one.
 
 
 % id
 ~
 uid=1001(luca) gid=1001(luca) groups=1001(luca),0(wheel)
 % su -m pgsql

%id 

 % echo $USER
~
 luca
 % crontab -l
~
 crontab: no crontab for pgsql

You have su'd to pgsql, and crontab -l
is showing you the (nonexistent) crontab of pgsql.

That's intended. I was asking for an example
of su being confused by su.

Re: Outdated documentation for scrub (no-df) in pf.conf(5)?

2013-07-26 Thread Henning Brauer 
* Maxim Khitrov m...@mxcrypt.com [2013-07-25 17:29]:
 To reassemble fragmented
 packets with the DF flag set, one has to use set reassemble yes
 no-df option.

correct.

 By the time any scrub rules are applied, the packet is
 already reassembled

not necessarily - one can turn reassembly off.

 so scrub (no-df) simply clears the DF flag for
 all _complete_ packets (pf_scrub in sys/net/pf_norm.c).

pretty much.
 
 I don't see how this fixes problems with fragmented NFS packets, and I
 suspect that this breaks legitimate uses of DF, such as MTU discovery.

well, no-df kinda breaks PMTUD by definition; the pf host then
reassembles anyway.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Hardware backdoors in Lenovo?

2013-07-26 Thread Tyler Mace 
Do any of you feel like this is a non-story? Or should I reconsider
purchasing Lenovo hardware in the future?

http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

-t

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Theo de Raadt 
 Do any of you feel like this is a non-story? Or should I reconsider
 purchasing Lenovo hardware in the future?
 
 http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

And other products are safer?

Stop living under a rock.  It's all crap.

Retry: Fwd: Re: OpenBSD 5.4-beta (GENERIC) #19: Sun Jul 7 15:01:51 MDT 2013 can't works with my usb keyb, usb optical mouse, usb camera and usb modems

2013-07-26 Thread dmitry.sensei 
-- Переадресованное сообщение --
От: dmitry.sensei dmitry.sen...@gmail.com
Дата: 24.07.2013 14:29
Тема: Re: OpenBSD 5.4-beta (GENERIC) #19: Sun Jul 7 15:01:51 MDT 2013
can't
works with my usb keyb, usb optical mouse, usb camera and usb modems
Кому: Norman Golisz li...@zcat.de, Mark Kettenis 
mark.kette...@xs4all.nl
Копия: b...@openbsd.org b...@openbsd.org

Below dmesg output acpi after disbaled acpimadt

*|alc*|age*|jme*|et*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|si
s*|wb*|tl*|vte*|vr*|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|d
c*|dc*|re*|re*|rl*|rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 33 urlphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 34 rgephy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 35 ciphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
--- more --- 36 ipgphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 37 etphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 38 jmphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 39 atphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 40 rdcphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 41 mlphy* at
url*|udav*|mos*|smsc*|axe*|aue*|xe*|ef*|hme*|lii*|bce*|ale*|alc*|age*|jme*|et
*|nfe*|stge*|vge*|bnx*|bge*|lge*|nge*|msk*|sk*|ste*|se*|sis*|wb*|tl*|vte*|vr*
|pcn*|sf*|ti*|gem*|ne0|ne1|ne2|ne*|ne*|ne*|epic*|sm0|sm*|dc*|dc*|re*|re*|rl*|
rl*|mtd*|fxp*|fxp*|xl*|xl*|ep0|ep*|ep*|ep*|ep*|ep*
phy -1 flags 0x0
 42 scsibus* at
softraid0|vscsi0|sdmmc*|umass*|ahb*|wds0|sea0|aha0|aha1|aha*|vioblk*|pcscp*|m
pii*|ips*|mfii*|arc*|atapiscsi*|ioprbs*|iopsp*|trm*|iha*|siop*|uha0|uha1|uha*
|sili*|mpi*|ahci*|ahci*|isp*|mfi*|ami*|ciss*|cac*|cac*|twe*|gdt*|bha0|bha1|bh
a2|bha*|adw*|adv*|aic0|aic*|aic*|ahd*|ahc*|ahc*
flags 0x0
 43 cd* at scsibus* target -1 lun -1 flags 0x0
 44 ch* at scsibus* target -1 lun -1 flags 0x0
 45 sd* at scsibus* target -1 lun -1 flags 0x0
 46 st* at scsibus* target -1 lun -1 flags 0x0
 47 uk* at scsibus* target -1 lun -1 flags 0x0
--- more --- 48 safte* at scsibus* target -1 lun -1 flags 0x0
 49 ses* at scsibus* target -1 lun -1 flags 0x0
 50 iopsp* at iop* tid -1 flags 0x0
 51 ioprbs* at iop* tid -1 flags 0x0
 52 atapiscsi* at wdc0|wdc1|wdc*|wdc*|pciide*|pciide* channel -1 flags 0x0
 53 wd* at wdc0|wdc1|wdc*|wdc*|pciide*|pciide* channel -1 flags 0x0
 54 mainbus0 at root flags 0x0
 55 pci* at mainbus0|ppb*|pchb* bus -1 flags 0x0
 56 vga* at pci* dev -1 function -1 flags 0x0
 57 ahc* at pci* dev -1 function -1 flags 0x0
 58 ahd* at pci* dev -1 function -1 flags 0x0
 59 adv* at pci* dev -1 function -1 flags 0x0
--- more --- 60 adw* at pci* dev -1 function -1 flags 0x0
 61 bha* at pci* dev -1 function -1 flags 0x0
 62 twe* at pci* dev -1 function -1 flags 0x0
 63 arc* at pci* dev -1 function -1 flags 0x0
 64 jmb* at pci* dev -1 function -1 flags 0x0
 65 ahci* at

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread patrick keshishian 
On Fri, Jul 26, 2013 at 11:09 AM, Tyler Mace tylerdm...@gmail.com wrote:
 Do any of you feel like this is a non-story? Or should I reconsider
 purchasing Lenovo hardware in the future?

 http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL


Stories like these remind me of the US spy drone that was captured by
Iran late 2011. It supposedly was tricked into landing where it
wasn't supposed to.

--patrick
(typed on a lenovo netbook.)

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread deoxyt2 

El 26-07-2013 15:09, patrick keshishian escribió:

On Fri, Jul 26, 2013 at 11:09 AM, Tyler Mace tylerdm...@gmail.com wrote:

Do any of you feel like this is a non-story? Or should I reconsider
purchasing Lenovo hardware in the future?

http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL



Stories like these remind me of the US spy drone that was captured by
Iran late 2011. It supposedly was tricked into landing where it
wasn't supposed to.

--patrick
(typed on a lenovo netbook.)





for reading about it.

Designing and implementing malicious hardware
https://www.usenix.org/legacy/events/leet08/tech/full_papers/king/king_html/

http://lacamaradegas.cl/~jar/jar/shared/Chipset-Backdoor-AsiaCCS09.pdf

http://lacamaradegas.cl/~jar/jar/shared/Protection_against_Hardware_Trojan_Attacks.pdf

Regards.

--
deoxyt2.-
http://deoxyt2.livejournal.com

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Christian Weisgerber 
Tyler Mace tylerdm...@gmail.com wrote:

 Do any of you feel like this is a non-story? Or should I reconsider
 purchasing Lenovo hardware in the future?
 
 http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

(1) Rumor monging.
Alleged proof that the earth is flat remains highly classified.

(2) Since the NSA has preferential access to all sorts of vulnerabilities
(if not outright backdoors) in IT equipment exported by American
companies, it stands to reason that they are scared shitless of the
reverse scenario.

(3) There is an ever-increasing amount of code running outside the
control of the operating system.  Have you looked at the remote
management options of a plain office PC lately?  CPU microcode
updates from the BIOS?  And what *does* all that SMM code do?  It's
all completely trustworthy and bug free, I'm sure.

-- 
Christian naddy Weisgerber  na...@mips.inka.de

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Theo de Raadt 
 (2) Since the NSA has preferential access to all sorts of vulnerabilities
 (if not outright backdoors) in IT equipment exported by American
 companies, it stands to reason that they are scared shitless of the
 reverse scenario.

but america would never do anything so ... evil.

they're the good guys, remember?

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Dmitrij D. Czarkoff 
On Fri, Jul 26, 2013 at 08:36:17PM +, Christian Weisgerber wrote:
 (2) Since the NSA has preferential access to all sorts of vulnerabilities
 (if not outright backdoors) in IT equipment exported by American
 companies, it stands to reason that they are scared shitless of the
 reverse scenario.

In fact Chinese hardware could be banned just because of theoretic future
security risk. That's not to mention the fact that it may be banned because
the US backdoors can't be planted any more - workstations for
security-concious environments cost quite a lot, and banning some company from
this market would make a good point in negotiating such delicate matters.
 
 (3) There is an ever-increasing amount of code running outside the
 control of the operating system.  Have you looked at the remote
 management options of a plain office PC lately?  CPU microcode
 updates from the BIOS?  And what *does* all that SMM code do?  It's
 all completely trustworthy and bug free, I'm sure.

FWIW the network cards' firmware would serve a better place for backdoor -
they interfere with network and do some cryptography the OS relies upon.

-- 
Dmitrij D. Czarkoff

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Geoff Steckel 
On 07/26/2013 04:56 PM, Dmitrij D. Czarkoff wrote:
 On Fri, Jul 26, 2013 at 08:36:17PM +, Christian Weisgerber wrote:
 (2) Since the NSA has preferential access to all sorts of vulnerabilities
 (if not outright backdoors) in IT equipment exported by American
 companies, it stands to reason that they are scared shitless of the
 reverse scenario.
 In fact Chinese hardware could be banned just because of theoretic future
 security risk. That's not to mention the fact that it may be banned because
 the US backdoors can't be planted any more - workstations for
 security-concious environments cost quite a lot, and banning some company from
 this market would make a good point in negotiating such delicate matters.
   
 (3) There is an ever-increasing amount of code running outside the
 control of the operating system.  Have you looked at the remote
 management options of a plain office PC lately?  CPU microcode
 updates from the BIOS?  And what *does* all that SMM code do?  It's
 all completely trustworthy and bug free, I'm sure.
 FWIW the network cards' firmware would serve a better place for backdoor -
 they interfere with network and do some cryptography the OS relies upon.

Don't forget disk drives.  Hmmm, I've been reset, and we'rereading block 
1. Let's give
him hidden block 1.With a little tinkering,multiarchitecture takeovers.

Geoff Steckel

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Michael Motyka 
On Jul 26, 2013, at 1:54 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:

 (2) Since the NSA has preferential access to all sorts of vulnerabilities
 (if not outright backdoors) in IT equipment exported by American
 companies, it stands to reason that they are scared shitless of the
 reverse scenario.
 
 but america would never do anything so ... evil.
 
 they're the good guys, remember?
 
I've never thought a great deal of the quantum or sci-fi parallel universes 
ideas, and in this one the score is clear.

Meanwhile, even the new Beagle Bone has ~120KB of secure code and hands off 
execution to the user in non-secure supervisor mode. It's probably that way for 
my own good. Sigh. I may try to get past that since it's a cool little board.

Re: Hardware backdoors in Lenovo?

2013-07-26 Thread Jack Woehr 

Michael Motyka wrote:
Meanwhile, even the new Beagle Bone has ~120KB of secure code and hands off execution to the user in non-secure 
supervisor mode. It's probably that way for my own good. Sigh. I may try to get past that since it's a cool little board. 

http://www.colorforth.com/

--
Jack Woehr   # We commonly say we have no time when,
Box 51, Golden CO 80402  #  of course, we have all that there is.
http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905