-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Michal,
Am Mi den 4. Jan 2017 um 9:31 schrieb Michal Hocko:
> On Wed 04-01-17 09:15:27, Klaus Ethgen wrote:
> > Hi Michal,
> >
> > Am Mi den 4. Jan 2017 um 9:06 schrieb Michal Hocko:
> >
> > > > Jus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Michal,
Am Mi den 4. Jan 2017 um 9:31 schrieb Michal Hocko:
> On Wed 04-01-17 09:15:27, Klaus Ethgen wrote:
> > Hi Michal,
> >
> > Am Mi den 4. Jan 2017 um 9:06 schrieb Michal Hocko:
> >
> > > > Jus
til today.
I think it looks good but that is just my feeling. I don't know if it is
to early to say that.
I also did some heavy git repository actions to big repositories. The
system is in swap and still no OOMs.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.c
til today.
I think it looks good but that is just my feeling. I don't know if it is
to early to say that.
I also did some heavy git repository actions to big repositories. The
system is in swap and still no OOMs.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.c
4839.gb20...@dhcp22.suse.cz might
> > help.
Which of the 3 patches is the one? All 3 or just one.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 9
4839.gb20...@dhcp22.suse.cz might
> > help.
Which of the 3 patches is the one? All 3 or just one.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 6
-rss:1768kB
[34703.917075] Purging GPU memory, 4333 pages freed, 7594 pages still pinned.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949
-rss:1768kB
[34703.917075] Purging GPU memory, 4333 pages freed, 7594 pages still pinned.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F
in CC as I am not subscribed to LKML.
Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
config.4.9.broken
in CC as I am not subscribed to LKML.
Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
config.4.9.broken.1.bz2
Description: Binary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Mi den 11. Nov 2015 um 11:54 schrieb Theodore Ts'o:
> On Wed, Nov 11, 2015 at 11:14:34AM +0100, Klaus Ethgen wrote:
> > > If you are going to do that level of auditing, then
> > > you can also check to make sure it's not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Mi den 11. Nov 2015 um 3:04 schrieb Theodore Ts'o:
> On Tue, Nov 10, 2015 at 02:19:08PM +0100, Klaus Ethgen wrote:
> > > And that's the fundamenal problem. Saying that you can only be secure
> > > if **no** scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Mi den 11. Nov 2015 um 3:04 schrieb Theodore Ts'o:
> On Tue, Nov 10, 2015 at 02:19:08PM +0100, Klaus Ethgen wrote:
> > > And that's the fundamenal problem. Saying that you can only be secure
> > > if **no** scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Mi den 11. Nov 2015 um 11:54 schrieb Theodore Ts'o:
> On Wed, Nov 11, 2015 at 11:14:34AM +0100, Klaus Ethgen wrote:
> > > If you are going to do that level of auditing, then
> > > you can also check to make sure it's not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Di den 10. Nov 2015 um 14:35 schrieb Austin S Hemmelgarn:
> On 2015-11-10 08:19, Klaus Ethgen wrote:
> >Hi Ted, hy others in this discussion,
> >
> >Am Di den 10. Nov 2015 um 13:40 schrieb Theodore Ts'o:
> >>Whether
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Di den 10. Nov 2015 um 14:19 schrieb Klaus Ethgen:
> + capable(CAP_ENABLE_AMBIENT)))
Should be !capable ...
As I wrote, I ask for comments and critics. The implementation is _not_
tested right now!
Regards
Kl
Hi Ted, hy others in this discussion,
Am Di den 10. Nov 2015 um 13:40 schrieb Theodore Ts'o:
> On Tue, Nov 10, 2015 at 12:55:27PM +0100, Klaus Ethgen wrote:
> > > You can tell other people that they write privileged programs in the
> > > wrong programming language if y
would be a change
to get it into the kernel, I will come up with such a patch.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Di den 10. Nov 2015 um 14:35 schrieb Austin S Hemmelgarn:
> On 2015-11-10 08:19, Klaus Ethgen wrote:
> >Hi Ted, hy others in this discussion,
> >
> >Am Di den 10. Nov 2015 um 13:40 schrieb Theodore Ts'o:
> >>Whether
would be a change
to get it into the kernel, I will come up with such a patch.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 7
Hi Ted, hy others in this discussion,
Am Di den 10. Nov 2015 um 13:40 schrieb Theodore Ts'o:
> On Tue, Nov 10, 2015 at 12:55:27PM +0100, Klaus Ethgen wrote:
> > > You can tell other people that they write privileged programs in the
> > > wrong programming language if y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Di den 10. Nov 2015 um 14:19 schrieb Klaus Ethgen:
> + capable(CAP_ENABLE_AMBIENT)))
Should be !capable ...
As I wrote, I ask for comments and critics. The implementation is _not_
tested right now!
Regards
Kl
Well, did you see that majordomo is adding a footer to every mail? So
you get one mail direct without that footer and one from the list with
that footer. Both mails are different and share the same Message-ID.
> and if a MUA is reusing Message-ID's, then someone needs to
> file a bug again
ls and
never ever suppress some.
But lets keep that stuff offlist, it is OT. I will go ahead with group
reply.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0
Well, did you see that majordomo is adding a footer to every mail? So
you get one mail direct without that footer and one from the list with
that footer. Both mails are different and share the same Message-ID.
> and if a MUA is reusing Message-ID's, then someone needs to
> file a bug again
ls and
never ever suppress some.
But lets keep that stuff offlist, it is OT. I will go ahead with group
reply.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Guys,
Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> > Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > > In the light of that, using t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Guys,
Am Fr den 6. Nov 2015 um 19:18 schrieb Serge E. Hallyn:
> On Fri, Nov 06, 2015 at 06:56:20PM +0100, Klaus Ethgen wrote:
> > Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> > > In the light of that, using t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> > But that left out completely the, I think more important, usecase of
> > _removing_ SUID completely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Do den 5. Nov 2015 um 23:08 schrieb Serge E. Hallyn:
> On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Do den 5. Nov 2015 um 23:08 schrieb Serge E. Hallyn:
> On Thu, Nov 05, 2015 at 11:01:07AM -0800, Andy Lutomirski wrote:
> > On Thu, Nov 5, 2015 at 9:48 AM, Klaus Ethgen <klaus+l...@ethgen.de> wrote:
> > > -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Fr den 6. Nov 2015 um 16:53 schrieb Theodore Ts'o:
> On Fri, Nov 06, 2015 at 02:58:36PM +0100, Klaus Ethgen wrote:
> > But that left out completely the, I think more important, usecase of
> > _removing_ SUID completely
be something like
cap_ambient_cap capability to explicitly allow the use of ambient
capabilities.
I have to say that I do not know much about prctl. Just reading the man
page currently. But this seems to be about the second way of taking away
rights from UID 0 instead of explicitly g
at might be a longer way to go. I also don't think it it fully doable.
You do always need some applications having special rights. But I like
to pick exactly that rights instead using sudo or SUID.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20
ENT_RAISE, disabling ambient capabilities.
That I did miss out and seems to be the solution for the problem. So
adding cap_secure_all_bits,cap_secure_all_locks=ep to every binary that
gets other caps should solve it?
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
p
latest when a shell is involved that might
proceed many initialisation scripts, the possible damage is
incalculable.
I can live with that ambient capabilities if it is selectable while
compiling the kernel (even then, distribution kernels might be
vulnerable). But overall it is a nightma
latest when a shell is involved that might
proceed many initialisation scripts, the possible damage is
incalculable.
I can live with that ambient capabilities if it is selectable while
compiling the kernel (even then, distribution kernels might be
vulnerable). Bu
at might be a longer way to go. I also don't think it it fully doable.
You do always need some applications having special rights. But I like
to pick exactly that rights instead using sudo or SUID.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF
be something like
cap_ambient_cap capability to explicitly allow the use of ambient
capabilities.
I have to say that I do not know much about prctl. Just reading the man
page currently. But this seems to be about the second way of taking away
rights from UID 0 instead of explicitly g
ENT_RAISE, disabling ambient capabilities.
That I did miss out and seems to be the solution for the problem. So
adding cap_secure_all_bits,cap_secure_all_locks=ep to every binary that
gets other caps should solve it?
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
p
he can set it himself.
> And if your old workflow gave a capability to something you don't
> trust, and that then decides to now uses the ambient capabilities,
> what does that change? It had the capability already.
Well, not really. With the former approach, the capabilities in pI can
o
d systems!
Regards
Klaus Ethgen
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQGcBAEBCgAGBQJWN6YaAAoJEKZ8CrG
d systems!
Regards
Klaus Ethgen
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Ve
he can set it himself.
> And if your old workflow gave a capability to something you don't
> trust, and that then decides to now uses the ambient capabilities,
> what does that change? It had the capability already.
Well, not really. With the former approach, the capabilities in pI can
o
se keep me in Cc
for this reason.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQGcBAEBCgAGBQJWC8HFAAoJ
se keep me in Cc
for this reason.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
errno when trying to set a to high
value.)
Please keep me in Cc as I do not monitor this List that often.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20
errno when trying to set a to high
value.)
Please keep me in Cc as I do not monitor this List that often.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen kl...@ethgen.de
Fingerprint: 85D4 CA42 952C 949B 1753 62B3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Mi den 18. Feb 2015 um 16:39 schrieb Jani Nikula:
> On Tue, 17 Feb 2015, Klaus Ethgen wrote:
> > After solving the conflicts, I applied the revert (see attachment) to
> > v3.18.7. I think it should also apply to t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Mi den 18. Feb 2015 um 16:39 schrieb Jani Nikula:
On Tue, 17 Feb 2015, Klaus Ethgen klaus+l...@ethgen.de wrote:
After solving the conflicts, I applied the revert (see attachment) to
v3.18.7. I think it should also apply to the current
into it. I especially do not know
if the lines in .../intel_pm.c are correct or better leaving them as
they are in v3.18.7.
I want to have it working on a version that I know is stable before
asking to pull it to head.
Regards
Klaus
--
Klaus Ethgen http
into it. I especially do not know
if the lines in .../intel_pm.c are correct or better leaving them as
they are in v3.18.7.
I want to have it working on a version that I know is stable before
asking to pull it to head.
Regards
Klaus
--
Klaus Ethgen http
of 3.18.7. (It does not clean
revert.)
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
of 3.18.7. (It does not clean
revert.)
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen kl...@ethgen.de
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
the source of the problem but could try to eliminate that
too.
So if anybody has an easy way to catch down that suspend beast, I would
appreciate the help.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint:
of the problem but could try to eliminate that
too.
So if anybody has an easy way to catch down that suspend beast, I would
appreciate the help.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen kl...@ethgen.de
Fingerprint
56 matches
Mail list logo