On Mon, Jun 30, 2008 at 10:19 PM, Michael Stone [EMAIL PROTECTED] wrote:
On Mon, Jun 30, 2008 at 04:58:33PM -0400, C. Scott Ananian wrote:
+ yum -yt --nogpgcheck install $pkgs
1. As an earlier commenter hinted, you want localinstall because
otherwise yum may try to talk
On Tue, Jul 01, 2008 at 08:05:46AM -0400, C. Scott Ananian wrote:
3. Why do we care whether there's a devkey? We would actually be better
off checking that all the RPMs we're installing are owned by uid 0,
this being the exact privilege that we're attempting to safeguard.
because
On Tue, Jul 1, 2008 at 11:36 AM, Michael Stone [EMAIL PROTECTED] wrote:
http://dev.laptop.org/git?p=security;a=blob;f=rainbow.txt;hb=HEAD#l101
in my opinion, the cheapest way to implement P_SF_CORE + P_SF_RUN is by
turning the root password into a developer key, then by applying a CoW
layer
On Fri, Mar 7, 2008 at 3:23 AM, Michael Stone [EMAIL PROTECTED] wrote:
---
olpc-configure | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/olpc-configure b/olpc-configure
Slight variant, which passes my muster (unless someone convinces me it
On Mon, Jun 30, 2008 at 04:58:33PM -0400, C. Scott Ananian wrote:
+ yum -yt --nogpgcheck install $pkgs
1. As an earlier commenter hinted, you want localinstall because
otherwise yum may try to talk to the network in order to download its
header cache and to look for
On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote:
Classic privilege-escalation attack.
/, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids
0 and 500 have direct access to uid 0. Therefore, if Mallory can affect
what files are pointed to by $PKGDIR, then she
On Fri, Mar 7, 2008 at 12:00 PM, Michael Stone [EMAIL PROTECTED] wrote:
On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote:
Why is this being proposed, Michael?
I believe that, when used judiciously, it adds valuable flexibility to
the customization process that our
On Fri, Mar 07, 2008 at 12:04:29PM -0500, C. Scott Ananian wrote:
I asked for specific use cases.
I apologize if I was inadequately specific in my previous email. As I
alluded to before, three specific groups who I am confident would
benefit from the ability to install RPMs via a USB-based
On Fri, Mar 7, 2008 at 12:56 PM, Michael Stone [EMAIL PROTECTED] wrote:
On Fri, Mar 07, 2008 at 12:04:29PM -0500, C. Scott Ananian wrote:
I asked for specific use cases.
a) Walter and the teachers he's training, who would like an easy way
to install gnuchess, since Gcompris doesn't yet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Stone wrote:
| On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote:
| Classic privilege-escalation attack.
|
| /, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids
| 0 and 500 have direct access to uid 0.
On Fri, Mar 07, 2008 at 03:32:14PM -0500, Benjamin M. Schwartz wrote:
First, thanks very much for the constructive criticism.
This discussion is ultimately about Bitfrost's P_SF_RUN,
We should certainly design a solution compatible with P_SF_RUN. I submit
that the tactical part of the
On Fri, Mar 7, 2008 at 12:00 PM, Michael Stone [EMAIL PROTECTED] wrote:
On Fri, Mar 07, 2008 at 10:11:06AM -0500, C. Scott Ananian wrote:
Classic privilege-escalation attack.
/, /home, and /home/olpc, are only writable by uids 0 and 500. Both uids
0 and 500 have direct access to uid 0.
12 matches
Mail list logo