On Monday 26 December 2005 22:12, J.C. Roberts wrote:
On Mon, 26 Dec 2005 11:39:22 -0500, Dave Feustel
[EMAIL PROTECTED] wrote:
Don't use sudo in any konsole session.
Dave,
I don't think you're nuts but the fear mongering without providing any
proof or details of a compromise is
On Tue, 27 Dec 2005, Dave Feustel wrote:
by KDE are root-owned and world rw. There is also a problem with the socket
/tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
presentation on XFree86 from about 2002.
Dunno about KDE but can you elaborate or give refs why having a
On 12/27/05, Dave Feustel [EMAIL PROTECTED] wrote:
On Monday 26 December 2005 22:12, J.C. Roberts wrote:
On Mon, 26 Dec 2005 11:39:22 -0500, Dave Feustel
[EMAIL PROTECTED] wrote:
Don't use sudo in any konsole session.
Dave,
I don't think you're nuts but the fear mongering without
On Tuesday 27 December 2005 11:05, Otto Moerbeek wrote:
On Tue, 27 Dec 2005, Dave Feustel wrote:
by KDE are root-owned and world rw. There is also a problem with the socket
/tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
presentation on XFree86 from about 2002.
On Tue, 27 Dec 2005, Dave Feustel wrote:
On Tuesday 27 December 2005 11:05, Otto Moerbeek wrote:
On Tue, 27 Dec 2005, Dave Feustel wrote:
by KDE are root-owned and world rw. There is also a problem with the
socket
/tmp/.X11-unix/X0. This is documented on the web and even in an
On 12/27/05, Otto Moerbeek [EMAIL PROTECTED] wrote:
On Tue, 27 Dec 2005, Dave Feustel wrote:
by KDE are root-owned and world rw. There is also a problem with the socket
/tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
presentation on XFree86 from about 2002.
Dunno
Marc Espie and Dirk at kde have acknowledged the security problem OpenBSD
has with kde kgrantpty. The problem with /tmp/.X11-unix/X0 addressed by the
2003 paper on XFree86 still exists today with Xorg. If the rest of you fail to
see
the problem, even when the evidence is available to you on
On Tue, 27 Dec 2005, Ted Unangst wrote:
On 12/27/05, Otto Moerbeek [EMAIL PROTECTED] wrote:
On Tue, 27 Dec 2005, Dave Feustel wrote:
by KDE are root-owned and world rw. There is also a problem with the
socket
/tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
Dave,
I keep reading your emails and many answer to them as well. So far,
nothing is evidence or anything yet. Also, based on some of your latests
emails, look like the intruder is still coming back to your box still
and you reboot the KDE to kick him/here out.
Look like you are saying
On 12/27/05, Otto Moerbeek [EMAIL PROTECTED] wrote:
this is obviously a source of confusion. the permissions on a socket
mean *nothing*. anyone can open any socket regardless of permissions,
so long as they have necessary directory permissions to find it.
That used to be the case. But
Dave Feustel wrote:
The problem with /tmp/.X11-unix/X0 addressed by the
2003 paper on XFree86 still exists today with Xorg.
What problem? X11 implements its own authentication.
-d
Don't use sudo in any konsole session.
--
Lose, v., experience a loss, get rid of, lose the weight
Loose, adj., not tight, let go, free, loose clothing
On Mon, Dec 26, 2005 at 11:39:22AM -0500, Dave Feustel wrote:
Don't use sudo in any konsole session.
Dave, either you tell us _why_ you think it's bad, or keep your tips to
yourself and stop causing confusion.
Tobias :)
On 12/26/05, Dave Feustel [EMAIL PROTECTED] wrote:
Don't use sudo in any konsole session.
That's odd. Why shouldn't you use sudo?
Mike
On 26/12/05, Tobias Ulmer [EMAIL PROTECTED] wrote:
On Mon, Dec 26, 2005 at 11:39:22AM -0500, Dave Feustel wrote:
Don't use sudo in any konsole session.
Dave, either you tell us _why_ you think it's bad, or keep your tips to
yourself and stop causing confusion.
I assume:
On Mon, 26 Dec 2005 11:39:22 -0500, Dave Feustel
[EMAIL PROTECTED] wrote:
Don't use sudo in any konsole session.
Dave,
I don't think you're nuts but the fear mongering without providing any
proof or details of a compromise is questionable at best.
If you really were compromised while running
16 matches
Mail list logo