Re: [DNG] gvfs depends on libsystemd0

[Rick Moen]

Quoting Alessandro Selli (alessandrose...@linux.com):

> I argued against the assertion by Rick Moen that sudo constitutes "a
> proxy for the root password"...

I did not so state.

I characterised a particular usage model of sudo as such.

As for the rest, if it's not apparent to you that letting a credential
for normal user login also suffice for root privilege weakens security 
over escalation to root requiring a separate password, I would prefer to
abandon further discussion as fruitless, and I do regret that this
turned out to be the case.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Dragan FOSS]

On 04/11/2017 01:27 AM, aitor_czr wrote:

As i can see, lines like:


As I can see, your version needs one more patch :)

***
--- 
/media/dragan/TRIOS/TMP/Aitor/gvfs-master-64caae2fe2bdd1aeb2d65cdcdb326f170718eb2a/debian/control

+++ /media/dragan/TRIOS/TMP/Adam/gvfs-1.22.2/debian/control
@@ -41,7 +41,6 @@
libimobiledevice-dev (>= 1.1.5) [!hurd-any],
libplist-dev,
libudisks2-dev (>= 1.97) [linux-any],
-   libsystemd-login-dev (>= 44) [linux-any],
libgtk-3-dev
 Standards-Version: 3.9.6
 Homepage: https://wiki.gnome.org/Projects/gvfs
***

Cheers,
Dragan

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Hendrik Boom]

On Tue, Apr 11, 2017 at 12:55:37PM +0100, KatolaZ wrote:
> 
> OK, but you would agree that, if you find yourself in such an
> "unprotected enviroment", there is not much difference between typing
> the root password and typing the password of a user who can become
> root by "sudo su".

This is true only if you configure sudo to allow the use of su.

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Alessandro Selli]

On Tue, 11 Apr 2017 at 12:55:37 +0100
KatolaZ  wrote:

> On Tue, Apr 11, 2017 at 01:34:19PM +0200, Alessandro Selli wrote:
> 
> [cut]
> 
> >   One cannot avoid using at least once his own password at the start of
> > the session, so this password cannot be completely secured when operating
> > in an open or unprotected environment.  If need arises to perform, in
> > that same environment, a task that requires root privileges, then sudo is
> > the easiest way to perform that task without exposing the superuser's
> > password at all.
> > 
>
> OK, but you would agree that, if you find yourself in such an
> "unprotected enviroment", there is not much difference between typing
> the root password and typing the password of a user who can become
> root by "sudo su".

  No, I do not agree.  There is in fact a big difference: would someone gain
knowledge of your unpriviledged user's password, then would attackers
manage to have a shell access to your PC they whould only be able to do what
you can do and what you configured sudo to let your user do. Gaining knowledge
of the superser's password allows unrestricted access to all the systems'
resources after a shell is obtained.

> No automagic can replace a reasonable behaviour, especially when it
> comes to security.

  Of course.  I do state anyway that sudo is inherently more secure than su.

> The worst aspect of sudo is that it has deluded
> users in thinking that the sudo-way is "more secure".

  Again, every useful security tool can be misconfigured and abused into a
security hazard.  ssh can be, PAM can be, LDAP can be, SSL/TLS can be,
Kerberos can be, SUID is, Linux Capabilities can be, ACL can be and so on and
on. This is however just a pretext when arguing against the use of these
tools.




-- 
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[KatolaZ]

On Tue, Apr 11, 2017 at 01:34:19PM +0200, Alessandro Selli wrote:

[cut]

>   One cannot avoid using at least once his own password at the start of the
> session, so this password cannot be completely secured when operating in an
> open or unprotected environment.  If need arises to perform, in that same
> environment, a task that requires root privileges, then sudo is the easiest
> way to perform that task without exposing the superuser's password at all.
> 

OK, but you would agree that, if you find yourself in such an
"unprotected enviroment", there is not much difference between typing
the root password and typing the password of a user who can become
root by "sudo su".

No automagic can replace a reasonable behaviour, especially when it
comes to security. The worst aspect of sudo is that it has deluded
users in thinking that the sudo-way is "more secure". Which is totally
BS (I mean Brutally Simplistic, obviously).

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Alessandro Selli]

On Tue, 11 Apr 2017 at 07:13:36 +0100
Klaus Ethgen  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Am Mo den 10. Apr 2017 um 22:09 schrieb Alessandro Selli:
> >   You still should use sudo, with a password - the user's own password. 
> > Using root password many times, every day, is bad for security (the more
> > times you type it the higher the chances are it will be captured)
>
> That is a common misunderstanding.
>
> If you have (like many people) have your account allowed to do
> everything with sudo, than it doesn't matter if you have to type the
> root password or your own. If a attacker can get hand on one of that
> two, he can use it.

  Setting up sudo to allow an unprivileged account to perform any action with
superuser privileges with no password is bad security practice, and I never
supported or argued in it's favor.
  Assuming that the fact that sudo could be misconfigured and abused is a
valid point against it's use is the same as stating that ssh certificates
could be generated with weak hashes and protected by poorly chosen
passphrases, and that it should for this reason not be used.

> Moreover, it raises the attack vector from one password to two.

  I argued against the assertion by Rick Moen that sudo constitutes "a proxy
for the root password", while I was advocating it's use as a way to avoid
completely any use of the superuser password, thus preventing it from been
exposed.
  One cannot avoid using at least once his own password at the start of the
session, so this password cannot be completely secured when operating in an
open or unprotected environment.  If need arises to perform, in that same
environment, a task that requires root privileges, then sudo is the easiest
way to perform that task without exposing the superuser's password at all.

> That stupid use of sudo (That was initialize introduced by ubuntu)
> should have an end.

  The fact that some stupid people configure useful tools in a stupid way
does not prove that those tools are bad.  It only proves that there are
stupid people.  And I do know there are way more people who chose ease of use
to security: this is not a good reason because I forgo using the right tools
the right way.
  Taking the bad practices of Ubuntu as a reason to do away with sudo
entirely is stupid, too.  It's like stating that PAM should  be eradicated
from any GNU/Linux distribution because some stupid folk staffed /etc/pam.d/*
files with lines like:

password sufficient pam_unix.so nullok minlen=0

> Another think is if (or not) you should allow login as root via password
> at all.

  Locally yes, of course, over selected secure terminals.  Not over the
network, for sure.

> Regards
>Klaus
> - -- 
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> -BEGIN PGP SIGNATURE-
> Comment: Charset: ISO-8859-1
> 
> iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAljsdA8ACgkQpnwKsYAZ
> 9qw9eQwAoVxp91qFTzDq0AEGXs4IJqnpPu/rJ5jbkcyOCCRnBJB/Lrr/CyBB6HcF
> xvVwHy2ReprGpUEOhnPQxPujtL0JLFzw0wrs2W8m29R/NudgI26j4Yu3FVtOYacc
> kvNofJfp6o8gRvgE8ontlNY8VheKLy9d8G/tub1SyiYg9vqZ7uizCee0UWD1wB+n
> T7U3ZX1Do6mPim1no03SrfQ25dHSRND3JaRYfg2wgV+ACaVtKOfkaTtMLCV6O8xJ
> L/3jMBvAxgRrxl11zEQyeKsRUkbgVvt14VRPW/f8p7NqDJRRPffU0+2xN5yrltRi
> z4n47ynBWdsIJIFdJ5nq4UQdsq3F8kT/PBL9gNw5DjO8EZY921EIiALF3NC88K4C
> QjATaCWggznidyz4Pm1bJ13474uo9htX42UBngTgi0ESFdNNtXCUiDC9+ApyQTlp
> AM9odcsdrLY/FGNj2c99TI2Cb77OXzeACBRToIfhIGCiydoSnA873yggIR/WRD/5
> P1xeWINK
> =KNz/
> -END PGP SIGNATURE-
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng



-- 
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Alessandro Selli]

Il giorno Tue, 11 Apr 2017 05:28:29 +0200
marc  ha scritto:

> >   You still should use sudo, with a password - the user's own password. 
> > Using root password many times, every day, is bad for security (the more
> > times you type it the higher the chances are it will be captured) and it
> > instills the desire of an easy to remember and fast to type password.
> 
> 
> What people often overlook is that having a real root password
> is that is possible to press control-alt-F2 and log in as
> root on a text console.

  You still have to type the superuser's password, so you gain almost no
more protection.

> To intercept the password in that case typically requires root
> anyway, or some sort of physical access - in either case the
> game is already over.

  Having to type the superuser password for tasks that could be configured to
work without is bad; it's only a matter of time before you have to choose
between typing it in an unprotected environment (in an airport,
bus terminal, in an openspace, any place crowded with people, cameras and
microphones) or forgo taking advantage of a basic OS' function when actually
needed.

> This is different to using sudo or su, where a random javascript
> exploit can control firefox which then straces your xterm or
> updates your .bashrc to grab your password the next time you
> type su or sudo.

  This is true of whatever you do with your PC and browser.  "The only
totally secure PC is a PC with it's power plug pulled off".

  Anyway, what is worse, having that jscript capture your system's
superuser password, or your unprivileged user's that is now running firefox?

[...]

> Sudo has its uses, but the practice of using sudo and no root
> password is a convenience (fewer passwords to remember) which
> typically weakens security.

  No, it's mostly security: having to type the superuser's password when
easily avoidable exposes the system's most critical password to be
captured.  There are many circumstances when typing *any* password is just
crazy, let alone the superuser one.  If some privileged task has to be
carried out in an unsecure environment, su is the command to avoid.  You
either have sudo (or some other like tool) preconfigured to perform that task
with no password or, at most, with your unprivileged user password.  Of
course doing nothing is the most secure option, but if you have a PC I
suppose you have it for a purpose, to run it and take advantage of it's
capabilities.



-- 
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Alessandro Selli]

Il giorno Mon, 10 Apr 2017 15:17:46 -0700
Rick Moen  ha scritto:

> Quoting Alessandro Selli (alessandrose...@linux.com):
> 
> >   IMO, using root's password in those same cases is the worst possible
> > password use case.  One thing is your non-privileged user's password
> > being captured when you mount an external drive, a different thing is
> > giving away root's password performing the same trivial task.
> 
> You might have missed my point that your suggestion makes that
> 'non-privileged user's password' privileged -- such that every time you
> use it in any situation, you are exposing a privleged password.  Which 
> I deem very undesirable.

 You might have missed my point that your use of *superuser* password when
unneeded exposes that privileged password when it can easily be avoided in
serveral ways, that either expose an unpriviledged password or does not
require any.

>>> but it also has a secondary use to escalate privilege to root.
>> 
>> Just like using su does.
>
> 'su -' does of course escalate (obviously), but _not_ as a secondary use
> of an otherwise non-privileged login.

  Right.  It "only" exposes the system's *superuser* password.

>  But I think the point should be
> clear, and I don't care to keep re-discussing this point.
>
> Anyway, I'm glad whatever you do works for you.

  I did not argue that my way works and other people's does not.  I'm
only stating the obvious: using the root user's password for simple tasks
that are easily configured in many alternative ways to work without requiring
the user to type the superuser password exposes the most critical system
password to be recorded/intercepted/glanced etc.

>> Needing to type it just to mount an external drive increases the
>> chances it will be used many times when easily avoidable.
>
> As already mentioned, this does not describe my experience.

  So what?  Do you adopt security measures to counter vulnerabilities or
neutralize attack vectors only *after* you personally suffered a security
breach?

>>  This too would be a better solution than having to use su to just
>> mount external drives.
>
> I do not concur, because IMO mounting/umounting is, in the general case,
> security sensitive and ought to be treated with caution, which includes
> not permitting arbitrary mounts/umounts by unprivileged users.

  sudo does permit selected users perform selected operations as another
user.  When it's configured to allow any user perform any task as the
superuser than it's been abused.  But assuming that the possibility of sudo
to be misconfigured and abused is a valid point to argue against it's use is
like arguing against setting any password to the superuser because it's
possible that people set a weak password on that user.

>  But I
> think the point should be clear, and I don't care to keep re-discussing
> this point.
>
>> This is precisely the reason I suggested using sudo, which allows
>> fine-tuning who gets to do what as another user.
>
> IMO mounting/umounting is, in the general case, security sensitive and
> ought to be treated with caution,

  I agree, this is exactly the reason I think mounting/unmounting external
devices should be either configured in /etc/fstab or under sudo or some
other secure mechanism. There is however no connection between the fact that
mounting devices is a potential security sensitive operation and the fact
that the more often a user has to type the root user's password
(expecially when unneccessary) increases the chances that this password is
captured by a third party.

> which includes not permitting
> arbitrary mounts/umounts by unprivileged users.

  sudo can be used to allow only some selected users to perform
mountig/unmounting of some selected drives onto selected directories.  The
implication that use of sudo per se exposes any unprivileged user to perform
"arbitrary mounts/umounts" is baseless.  The fact that administrative tools
can be misconfigured and abused does not prove that those tools are bad for
security, otherwise one could well argue against the use of each of them,
starting from PAM and ending with Kerberos.



-- 
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[KatolaZ]

On Tue, Apr 11, 2017 at 11:31:35AM +0200, aitor_czr wrote:

[cut]

> 
> Now, the priority are the manpages. You can read more here:
> 
> https://dev1galaxy.org/viewtopic.php?id=43
> 
> Recently i tried to run a devuan vanilla with vdev and a 4.x kernel, and it
> didn't work (in live mode) because the system searched for a cdrom_id
> binary, non existent in vdev. On the other hand, you will need to set your
> keyboard configuration at every reboot (minor issue) depending on your
> keymap. Beyond that,vdev works fine for me.
> 

Thanks aitor. It would be great to have vdev in ascii, innit? Do you
think it might be possible to try building the vdev package through
the Devuan CI system, and put it in experimental, so that people can
start playing with it? 

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


signature.asc
Description: Digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] gvfs depends on libsystemd0

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mo den 10. Apr 2017 um 22:09 schrieb Alessandro Selli:
>   You still should use sudo, with a password - the user's own password. 
> Using root password many times, every day, is bad for security (the more
> times you type it the higher the chances are it will be captured)

That is a common misunderstanding.

If you have (like many people) have your account allowed to do
everything with sudo, than it doesn't matter if you have to type the
root password or your own. If a attacker can get hand on one of that
two, he can use it.

Moreover, it raises the attack vector from one password to two.

That stupid use of sudo (That was initialize introduced by ubuntu)
should have an end.

Another think is if (or not) you should allow login as root via password
at all.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAljsdA8ACgkQpnwKsYAZ
9qw9eQwAoVxp91qFTzDq0AEGXs4IJqnpPu/rJ5jbkcyOCCRnBJB/Lrr/CyBB6HcF
xvVwHy2ReprGpUEOhnPQxPujtL0JLFzw0wrs2W8m29R/NudgI26j4Yu3FVtOYacc
kvNofJfp6o8gRvgE8ontlNY8VheKLy9d8G/tub1SyiYg9vqZ7uizCee0UWD1wB+n
T7U3ZX1Do6mPim1no03SrfQ25dHSRND3JaRYfg2wgV+ACaVtKOfkaTtMLCV6O8xJ
L/3jMBvAxgRrxl11zEQyeKsRUkbgVvt14VRPW/f8p7NqDJRRPffU0+2xN5yrltRi
z4n47ynBWdsIJIFdJ5nq4UQdsq3F8kT/PBL9gNw5DjO8EZY921EIiALF3NC88K4C
QjATaCWggznidyz4Pm1bJ13474uo9htX42UBngTgi0ESFdNNtXCUiDC9+ApyQTlp
AM9odcsdrLY/FGNj2c99TI2Cb77OXzeACBRToIfhIGCiydoSnA873yggIR/WRD/5
P1xeWINK
=KNz/
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng