Re: crontab(1) confused by su(1)?
On Wed, Jul 24, 2013 at 8:32 AM, Jan Stary h...@stare.cz wrote:
> Could someone please provide an example where su(1) confuses crontab(1)?

If I get it right the problem is not running crontab, rather modifying the crontab files. In such case the following could be an example: I ask su(1) to become another user without modifying the environment, therefore I'm another user running in the same environment of the former (then there's a privilege problem, of course). Crontab searches for the current uid while I would like to see the old one.

% id ~
uid=1001(luca) gid=1001(luca) groups=1001(luca),0(wheel)
% su -m pgsql ~
% echo $USER ~
luca
% crontab -l ~
crontab: no crontab for pgsql

However I could have totally missed the point...but it's an interesting one.

Luca
Re: crontab(1) confused by su(1)?
On Jul 26 08:42:52, fluca1...@infinito.it wrote:
> On Wed, Jul 24, 2013 at 8:32 AM, Jan Stary h...@stare.cz wrote:
> > Could someone please provide an example where su(1) confuses crontab(1)?
>
> If I get it right the problem is not running crontab, rather modifying the crontab files. In such case the following could be an example: I ask su(1) to become another user without modifying the environment, therefore I'm another user running in the same environment of the former (then there's a privilege problem, of course). Crontab searches for the current uid while I would like to see the old one.
>
> % id ~
> uid=1001(luca) gid=1001(luca) groups=1001(luca),0(wheel)
> % su -m pgsql %id
> % echo $USER ~
> luca
> % crontab -l ~
> crontab: no crontab for pgsql

You have su'd to pgsql, and crontab -l is showing you the (nonexistent) crontab of pgsql. That's intended.

I was asking for an example of su being confused by su.
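The mismatch discussed in this thread, as an added example that is not part of either post: after `su -m`, `$USER` still names the old account while a uid-based lookup names the new one. The function names are hypothetical, and checking only USER and LOGNAME against the real uid is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the "current uid" in the
# thread is what id(1) reports, which su changes, while the environment
# preserved by su -m keeps the old account's USER/LOGNAME.

# Login name for the real uid; falls back to the number when the uid has
# no passwd entry.
real_user() {
    _name=$(id -run 2>/dev/null) || _name=$(id -ru)
    printf '%s\n' "$_name"
}

# Print, space-separated, every identity variable whose value names a
# different user than the real uid. Empty output means no disagreement.
stale_identity_vars() {
    _want=$(real_user)
    _stale=""
    for _var in USER LOGNAME; do
        eval "_val=\${$_var-}"
        if [ -n "$_val" ] && [ "$_val" != "$_want" ]; then
            _stale="$_stale $_var=$_val"
        fi
    done
    printf '%s\n' "${_stale# }"
}

# Guard for scripts that act on the invoking uid's own files (crontabs,
# dotfiles): returns 0 when environment and uid agree, 1 otherwise.
identity_is_consistent() {
    _found=$(stale_identity_vars)
    if [ -n "$_found" ]; then
        echo "uid says $(real_user), environment says: $_found" >&2
        return 1
    fi
    return 0
}
```

Run in the session shown above (after `su -m pgsql`), `stale_identity_vars` would report `USER=luca`, which is the same disagreement that `crontab -l` exposes.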
Re: Outdated documentation for scrub (no-df) in pf.conf(5)?
* Maxim Khitrov m...@mxcrypt.com [2013-07-25 17:29]:
> To reassemble fragmented packets with the DF flag set, one has to use set reassemble yes no-df option.

correct.

> By the time any scrub rules are applied, the packet is already reassembled

not necessarily - one can turn reassembly off.

> so scrub (no-df) simply clears the DF flag for all _complete_ packets (pf_scrub in sys/net/pf_norm.c).

pretty much.

> I don't see how this fixes problems with fragmented NFS packets, and I suspect that this breaks legitimate uses of DF, such as MTU discovery.

well, no-df kinda breaks PMTUD by definition; the pf host then reassembles anyway.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Hardware backdoors in Lenovo?
Do any of you feel like this is a non-story? Or should I reconsider purchasing Lenovo hardware in the future? http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL -t
Re: Hardware backdoors in Lenovo?
> Do any of you feel like this is a non-story? Or should I reconsider purchasing Lenovo hardware in the future?
> http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

And other products are safer? Stop living under a rock. It's all crap.
Retry: Fwd: Re: OpenBSD 5.4-beta (GENERIC) #19: Sun Jul 7 15:01:51 MDT 2013 can't works with my usb keyb, usb optical mouse, usb camera and usb modems
-- Forwarded message --
From: dmitry.sensei dmitry.sen...@gmail.com
Date: 24.07.2013 14:29
Subject: Re: OpenBSD 5.4-beta (GENERIC) #19: Sun Jul 7 15:01:51 MDT 2013 can't works with my usb keyb, usb optical mouse, usb camera and usb modems
To: Norman Golisz li...@zcat.de, Mark Kettenis mark.kette...@xs4all.nl
Cc: b...@openbsd.org b...@openbsd.org

Below dmesg output acpi after disabled acpimadt
Re: Hardware backdoors in Lenovo?
On Fri, Jul 26, 2013 at 11:09 AM, Tyler Mace tylerdm...@gmail.com wrote:
> Do any of you feel like this is a non-story? Or should I reconsider purchasing Lenovo hardware in the future?
> http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

Stories like these remind me of the US spy drone that was captured by Iran late 2011. It supposedly was tricked into landing where it wasn't supposed to.

--patrick
(typed on a lenovo netbook.)
Re: Hardware backdoors in Lenovo?
On 26-07-2013 15:09, patrick keshishian wrote:
> On Fri, Jul 26, 2013 at 11:09 AM, Tyler Mace tylerdm...@gmail.com wrote:
> > Do any of you feel like this is a non-story? Or should I reconsider purchasing Lenovo hardware in the future?
> > http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
>
> Stories like these remind me of the US spy drone that was captured by Iran late 2011. It supposedly was tricked into landing where it wasn't supposed to.
>
> --patrick
> (typed on a lenovo netbook.)

for reading about it.

Designing and implementing malicious hardware
https://www.usenix.org/legacy/events/leet08/tech/full_papers/king/king_html/
http://lacamaradegas.cl/~jar/jar/shared/Chipset-Backdoor-AsiaCCS09.pdf
http://lacamaradegas.cl/~jar/jar/shared/Protection_against_Hardware_Trojan_Attacks.pdf

Regards.

--
deoxyt2.-
http://deoxyt2.livejournal.com
Re: Hardware backdoors in Lenovo?
Tyler Mace tylerdm...@gmail.com wrote:
> Do any of you feel like this is a non-story? Or should I reconsider purchasing Lenovo hardware in the future?
> http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

(1) Rumor mongering. Alleged proof that the earth is flat remains highly classified.

(2) Since the NSA has preferential access to all sorts of vulnerabilities (if not outright backdoors) in IT equipment exported by American companies, it stands to reason that they are scared shitless of the reverse scenario.

(3) There is an ever-increasing amount of code running outside the control of the operating system. Have you looked at the remote management options of a plain office PC lately? CPU microcode updates from the BIOS? And what *does* all that SMM code do? It's all completely trustworthy and bug free, I'm sure.

--
Christian naddy Weisgerber na...@mips.inka.de
Re: Hardware backdoors in Lenovo?
> (2) Since the NSA has preferential access to all sorts of vulnerabilities (if not outright backdoors) in IT equipment exported by American companies, it stands to reason that they are scared shitless of the reverse scenario.

but america would never do anything so ... evil. they're the good guys, remember?
Re: Hardware backdoors in Lenovo?
On Fri, Jul 26, 2013 at 08:36:17PM +, Christian Weisgerber wrote:
> (2) Since the NSA has preferential access to all sorts of vulnerabilities (if not outright backdoors) in IT equipment exported by American companies, it stands to reason that they are scared shitless of the reverse scenario.

In fact Chinese hardware could be banned just because of theoretic future security risk. That's not to mention the fact that it may be banned because the US backdoors can't be planted any more - workstations for security-conscious environments cost quite a lot, and banning some company from this market would make a good point in negotiating such delicate matters.

> (3) There is an ever-increasing amount of code running outside the control of the operating system. Have you looked at the remote management options of a plain office PC lately? CPU microcode updates from the BIOS? And what *does* all that SMM code do? It's all completely trustworthy and bug free, I'm sure.

FWIW the network cards' firmware would serve a better place for backdoor - they interfere with network and do some cryptography the OS relies upon.

--
Dmitrij D. Czarkoff
Re: Hardware backdoors in Lenovo?
On 07/26/2013 04:56 PM, Dmitrij D. Czarkoff wrote:
> On Fri, Jul 26, 2013 at 08:36:17PM +, Christian Weisgerber wrote:
> > (2) Since the NSA has preferential access to all sorts of vulnerabilities (if not outright backdoors) in IT equipment exported by American companies, it stands to reason that they are scared shitless of the reverse scenario.
>
> In fact Chinese hardware could be banned just because of theoretic future security risk. That's not to mention the fact that it may be banned because the US backdoors can't be planted any more - workstations for security-conscious environments cost quite a lot, and banning some company from this market would make a good point in negotiating such delicate matters.
>
> > (3) There is an ever-increasing amount of code running outside the control of the operating system. Have you looked at the remote management options of a plain office PC lately? CPU microcode updates from the BIOS? And what *does* all that SMM code do? It's all completely trustworthy and bug free, I'm sure.
>
> FWIW the network cards' firmware would serve a better place for backdoor - they interfere with network and do some cryptography the OS relies upon.

Don't forget disk drives. Hmmm, I've been reset, and we're reading block 1. Let's give him hidden block 1. With a little tinkering, multiarchitecture takeovers.

Geoff Steckel
Re: Hardware backdoors in Lenovo?
On Jul 26, 2013, at 1:54 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:
> > (2) Since the NSA has preferential access to all sorts of vulnerabilities (if not outright backdoors) in IT equipment exported by American companies, it stands to reason that they are scared shitless of the reverse scenario.
>
> but america would never do anything so ... evil. they're the good guys, remember?

I've never thought a great deal of the quantum or sci-fi parallel universes ideas, and in this one the score is clear.

Meanwhile, even the new Beagle Bone has ~120KB of secure code and hands off execution to the user in non-secure supervisor mode. It's probably that way for my own good. Sigh. I may try to get past that since it's a cool little board.
Re: Hardware backdoors in Lenovo?
Michael Motyka wrote:
> Meanwhile, even the new Beagle Bone has ~120KB of secure code and hands off execution to the user in non-secure supervisor mode. It's probably that way for my own good. Sigh. I may try to get past that since it's a cool little board.

http://www.colorforth.com/

--
Jack Woehr                # We commonly say we have no time when,
Box 51, Golden CO 80402   # of course, we have all that there is.
http://www.softwoehr.com  # - James Mason, _The Art of Chess_, 1905