Re: [gentoo-dev] Re: maintainer-needed@ packages need you!
Hi,

On Sat, 10 Jan 2015 00:01:46 +0100 Matthias Maier wrote:
On 09 Jan 2015, 23:42, Diamond diam...@hi-net.ru wrote:
[...] (that's why I used all that LXC and separate X server precautions).

Can you give any reference about how to isolate Skype properly using LXC?

This one is a good walkthrough: https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/ Though it uses the same X server

I'm also interested in the separate X server part =)

I'm too lazy to write a full manual right now. In short, there are two ways to solve this:

1) Set up an X server in the LXC container. This will require a lot of maintenance (and trouble) during setup and updates.

2) Build xorg with USE=xnest, run it, and provide access to the required display to skype (via either a Unix or TCP socket). Beware that one wouldn't be able to change window sizes and positions that way, so one would probably want to run some simple WM, like twm.

Another note is that skype will still be able to intercept audio and video input (if configured so, otherwise one wouldn't be able to use it as an instant messenger), so it should be run only on a per-needed basis (or at least given access to these devices on a per-needed basis).

Best regards,
Andrew Savchenko
Re: [gentoo-dev] Re: qa last rites -- long list
On Thu, 8 Jan 2015 09:16:36 -0600 William Hubbs willi...@gentoo.org wrote:
Rich is correct, maintainers are no longer bound by the games team policy.

I didn't know this. If that's the case, I'd like to proxy-maintain nethack. I'll try and prepare the necessary ebuild changes.

Luis Ressel
Re: [gentoo-dev] qa last rites multiple packages
On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote:

# Sergey Popov pinkb...@gentoo.org (04 Sep 2014)
# Security mask, wrt bugs #488212, #498164, #500260,
# #507802 and #518718
virtual/mysql-5.5
dev-db/mysql-5.5.39

The only upgrade path still supported is via MySQL 5.1; so we need to a single 5.1 build.

dev-db/mariadb-5.5.39

Nothing matches this mask anymore.

# Ulrich Müller u...@gentoo.org (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
...
sys-block/afacli

There is no replacement for AACRAID admin.

# Sergey Popov pinkb...@gentoo.org (20 Mar 2014)
# Security mask of vulnerable versions, wrt bug #424167
net-nds/openldap-2.4.35

- As Patrick noted, we need to keep one 2.3.x version, for those that need to interact with other systems, as replication does not work between different major versions.
- Can somebody from s390 ppc64 please stabilize a newer build as well, you're both back on 2.4.30 as well; per bug #516108.

# klie...@gentoo.org (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see http://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bonuspacks
games-fps/aaut

The games themselves still work, and are lots of fun.

export YES_I_ACCEPT_THIS_SECURITY_RISK_I_WANT_MY_GAME=1

--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
Re: [gentoo-dev] Packages up for grabs
On Wed, Jan 07, 2015 at 03:06:08PM +0100, Pacho Ramos wrote:
net-proxy/dante

I maintained this back in 2003, I'll take it on again.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
Re: [gentoo-dev] Re: qa last rites -- long list
On 2015-01-08, at 10:45:33, Pacho Ramos pa...@gentoo.org wrote:
On Wed, 07-01-2015 at 19:19 -0500, Jonathan Callen wrote:
[...] The only reason there is a security issue with nethack (and other games like it) on Gentoo, and only on Gentoo, is that the games team policy requires that all games have permissions 0750, with group games, and all users that should be allowed to run games be in the games group. Nethack expects that it have permissions 2755 (or 2711), with group games and that *no* users are members of that group, so it can securely save files that are accessible to all users during gameplay (bones files) and ensure that the user cannot access/change their current save file. These two expectations are incompatible with each other, and end up creating a security issue that upstream would never expect (as no users can be in the games group traditionally).

If I don't misremember Council allowed finally people to not be mandated by that games team policies and, then, I guess that could finally allow to drop that security issue no? :/

If it were that simple... but we need to clean up that long-outstanding mess. And we have no guarantees someone won't bring it back to us since the eclasses are still allowed to be used.

--
Best regards,
Michał Górny
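The permission conflict described in the message above, as an added example that is not part of any message in this thread: a small audit that checks a game binary against the model nethack is said to expect (2755 or 2711, group games, no users in that group) and reports where the 0750-plus-membership policy departs from it. The function names `evaluate` and `audit_path` and the finding tags are hypothetical, and the sample cases are constructed.

```python
import grp
import os
import pwd
import stat


def evaluate(mode, owner_group, members, state_group="games"):
    """Return finding tags for a game binary whose shared state (bones
    files, saves) is owned by state_group. Empty list = expected model."""
    perm = stat.S_IMODE(mode)
    findings = []
    if owner_group != state_group:
        findings.append("wrong-group")
    if not perm & stat.S_ISGID:
        # Without setgid the process keeps the caller's own groups, so the
        # state directory must be writable by the users themselves.
        findings.append("no-setgid")
    if not perm & stat.S_IXOTH:
        # 0750: only group members can execute, which forces users into
        # the very group that is meant to protect the state files.
        findings.append("not-world-executable")
    if members:
        # Any member can read or rewrite saves and bones files directly.
        findings.append("group-has-members")
    return findings


def audit_path(path, state_group="games"):
    """Apply evaluate() to a real file using the local passwd/group data."""
    st = os.stat(path)
    gr = grp.getgrgid(st.st_gid)
    # Membership = supplementary members plus users whose primary GID matches.
    members = set(gr.gr_mem)
    members |= {p.pw_name for p in pwd.getpwall() if p.pw_gid == st.st_gid}
    return evaluate(st.st_mode, gr.gr_name, sorted(members), state_group)


if __name__ == "__main__":
    # Constructed cases: (mode, binary group, members of that group)
    cases = {
        "2755, empty group": (0o102755, "games", []),
        "2711, empty group": (0o102711, "games", []),
        "0750, users in group": (0o100750, "games", ["alice", "bob"]),
        "2755, but users added": (0o102755, "games", ["alice"]),
    }
    for label, args in cases.items():
        print(f"{label}: {evaluate(*args) or 'ok'}")
```

`audit_path` counts users whose primary group is the state group as members too, since they hold the same access as supplementary members.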
Re: [gentoo-dev] Re: maintainer-needed@ packages need you!
On Sun, 7 Sep 2014 01:16:57 +0400 Andrew Savchenko birc...@gmail.com wrote:
It should be noted that at least in Linux skype is much harder to install and use since it requires pulseaudio and I don't use that sh^W stuff. So skype requires its own LXC container set up which is doable, but cost me a day (with all tight isolation stuff). And I even had not mentioned that installation of skype equals to trojan injection into the system (that's why I used all that LXC and separate X server precautions).

Can you give any reference about how to isolate Skype properly using LXC?
Re: [gentoo-dev] Re: maintainer-needed@ packages need you!
On 09 Jan 2015, 23:42, Diamond diam...@hi-net.ru wrote:
[...] (that's why I used all that LXC and separate X server precautions).

Can you give any reference about how to isolate Skype properly using LXC?

I'm also interested in the separate X server part =)