Once upon a time, Kyle Marek said:
> On 06/22/2018 05:15 PM, Chris Adams wrote:
> > And basic Unix permissions... because there can be privileged content in
> > GRUB config and even initramfs.
>
> That's interesting. I generally don't see /boot as something that normal
> users shouldn't be able t
On 06/22/2018 05:15 PM, Chris Adams wrote:
> Once upon a time, Matthew Miller said:
>> On Fri, Jun 22, 2018 at 03:30:23PM -0400, Kyle Marek wrote:
>>> Anaconda in F28 currently claims /boot cannot be vfat. However, this
>>> appears to be an artificial limitation, because `grub2-install` works
>>>
Once upon a time, Matthew Miller said:
> On Fri, Jun 22, 2018 at 03:30:23PM -0400, Kyle Marek wrote:
> > Anaconda in F28 currently claims /boot cannot be vfat. However, this
> > appears to be an artificial limitation, because `grub2-install` works
> > and makes a bootable GRUB with a vfat-typed --
On Fri, Jun 22, 2018 at 1:54 PM, Kyle Marek wrote:
> On 06/22/2018 03:35 PM, Chris Murphy wrote:
>
> What is the benefit to sharing $BOOT between different operating
> systems/distros?
Some of this is argued in the two BootLoaderSpecs. Mainly to avoid
stomping on each other's installations and b
On Fri, Jun 22, 2018 at 1:30 PM, Kyle Marek wrote:
> Anaconda in F28 currently claims /boot cannot be vfat. However, this appears
> to be an artificial limitation, because `grub2-install` works and makes a
> bootable GRUB with a vfat-typed --boot-directory.
> I'm not sure why there would be an is
On Fri, Jun 22, 2018 at 12:57 PM, Lennart Poettering
wrote:
> On Fr, 22.06.18 19:01, Javier Martinez Canillas (jav...@dowhile0.org) wrote:
>
>> > Whereas constantly changing the ESP, means we need some way to
>> > establish a master and rsync to the extras.
>>
>> So the consensus seems to be to ha
On Fri, Jun 22, 2018 at 07:24:54PM +0200, Björn Persson wrote:
> Till Maas wrote:
> > I do not see any reason why a user would put something in ~/bin that
> > would mask something in /usr/bin except to actually mask the binary. It
> > is the same with other user configuration, anyone expects ~/.ssh
On 06/22/2018 03:35 PM, Chris Murphy wrote:
> On Fri, Jun 22, 2018 at 11:01 AM, Javier Martinez Canillas
> wrote:
>> On Thu, Jun 21, 2018 at 11:19 PM, Chris Murphy
>> wrote:
>>
>> [snip]
>>
> OK anyway, I don't see broad BLS consensus forming yet, but I do see
> two items that aren't con
On Fri, Jun 22, 2018 at 03:30:23PM -0400, Kyle Marek wrote:
> Anaconda in F28 currently claims /boot cannot be vfat. However, this
> appears to be an artificial limitation, because `grub2-install` works
> and makes a bootable GRUB with a vfat-typed --boot-directory.
> I'm not sure why there would b
On Fri, Jun 22, 2018 at 05:01:38PM +0100, Tomasz Kłoczko wrote:
> On Fri, 22 Jun 2018 at 13:36, Till Maas wrote:
> [..]
> > > The attacker could have looked up the exploit on the web.
> >
> > If it is a public exploit, then it is usually fixed by updates,
> > especially if the impact is that big.
On Fri, Jun 22, 2018 at 11:01 AM, Javier Martinez Canillas
wrote:
> On Thu, Jun 21, 2018 at 11:19 PM, Chris Murphy
> wrote:
>
> [snip]
>
>>>
OK anyway, I don't see broad BLS consensus forming yet, but I do see
two items that aren't controversial and could move forward as part of
t
On 06/22/2018 02:57 PM, Lennart Poettering wrote:
> On Fr, 22.06.18 19:01, Javier Martinez Canillas (jav...@dowhile0.org) wrote:
>
>>> Whereas constantly changing the ESP, means we need some way to
>>> establish a master and rsync to the extras.
>> So the consensus seems to be to have the BLS fragm
On Fr, 22.06.18 19:01, Javier Martinez Canillas (jav...@dowhile0.org) wrote:
> > Whereas constantly changing the ESP, means we need some way to
> > establish a master and rsync to the extras.
>
> So the consensus seems to be to have the BLS fragments in
> $BOOT/loader/entries even on EFI, where $
On Mon, Jun 18, 2018 at 02:42:40PM -0700, Andrew Lutomirski wrote:
> > On Jun 18, 2018, at 10:02 AM, Javier Martinez Canillas
> > wrote:
> >
> >> On Thu, Jun 14, 2018 at 10:20 PM, Chris Murphy
> >> wrote:
> >> On Thu, Jun 14, 2018 at 12:51 PM, Adam Williamson
> >> wrote a monolithic config
> >
On Mon, Jun 18, 2018 at 11:55:28PM +0100, Tom Hughes wrote:
> On 18/06/18 23:46, Javier Martinez Canillas wrote:
> > On Mon, Jun 18, 2018 at 11:54 PM, Tom Hughes wrote:
> > > On 18/06/18 18:15, Peter Jones wrote:
> > >
> > > > That's true - though we actually shipped nearly all of the code to
> >
On Wed, 13 Jun 2018, 14:14 Miro Hrončok, wrote:
> I've just started to build the bootstrap sequence in a side tag
> (f29-python).
>
> This should not affect you mostly but if you have a Python 3 package and
> you are going to update it with new buildtime dependencies, please let
> me know or wait
On 06/22/2018 08:37 AM, Jerry James wrote:
On Thu, Jun 21, 2018 at 2:50 AM Daniel P. Berrangé wrote:
Fedora rawhide has not had any kernel build available for i686 for a
week now. It was disabled in a rebase due to part of the build process
segfaulting.
The bug causing the segfault is not spe
Till Maas wrote:
> I do not see any reason why a user would put something in ~/bin that
> would mask something in /usr/bin except to actually mask the binary. It
> is the same with other user configuration, anyone expects ~/.ssh/config
> to override /etc/ssh/ssh_config instead of the other way roun
Tomasz Kłoczko wrote:
> Just FTR.
> If Fedora maintainers will decide to put ~/.local/bin over /usr/bin on
> the $PATH it will be possible to control over ~/.local/bin/id (and/or
> many more similar commands) what happens on begin of the user login
> session. None of the packages updates (except th
FESCo has decided to review this topic at their next meeting. I will hold
off submitting
another draft pending the results of that discussion.
https://pagure.io/fesco/issue/1918
On Thu, Jun 21, 2018 at 5:05 PM, Gerald B. Cox wrote:
>
>
> On Thu, Jun 21, 2018 at 3:14 PM, Jason L Tibbitts III
>
On Thu, Jun 21, 2018 at 11:19 PM, Chris Murphy wrote:
[snip]
>>
>>> OK anyway, I don't see broad BLS consensus forming yet, but I do see
>>> two items that aren't controversial and could move forward as part of
>>> this feature proposal:
>>>
>>> a. Consistent $BOOT/loader/entries for UEFI and BI
On Fri, 22 Jun 2018 09:37:15 -0600
Jerry James wrote:
> On Thu, Jun 21, 2018 at 2:50 AM Daniel P. Berrangé
> wrote:
> > Fedora rawhide has not had any kernel build available for i686 for a
> > week now. It was disabled in a rebase due to part of the build
> > process segfaulting.
>
> The bug ca
On Fri, Jun 22, 2018 at 05:01:38PM +0100, Tomasz Kłoczko wrote:
> If Fedora maintainers will decide to put ~/.local/bin over /usr/bin on
> the $PATH it will be possible to control over ~/.local/bin/id (and/or
> many more similar commands) what happens on begin of the user login
> session. None of t
On Fri, 22 Jun 2018 at 13:52, Till Maas wrote:
[..]
> No, it does not change everything as attackers can also just copy
> desktop files with other Exec-Keys to
>
> /home/till/.local/share/applications, for example like this:
>
> sed -e s,Exec=.*,Exec=xmessage\ pwned,
> /usr/share/applications/fire
On Fri, 22 Jun 2018 at 13:36, Till Maas wrote:
[..]
> > The attacker could have looked up the exploit on the web.
>
> If it is a public exploit, then it is usually fixed by updates,
> especially if the impact is that big. A user not installing
> security updates is a scenario I consider not worth
On Thu, Jun 21, 2018 at 2:50 AM Daniel P. Berrangé wrote:
> Fedora rawhide has not had any kernel build available for i686 for a
> week now. It was disabled in a rebase due to part of the build process
> segfaulting.
The bug causing the segfault is not specific to i386. It could happen
on any ar
On 22 June 2018 at 05:29, Daniel P. Berrangé wrote:
>> I encourage you to file a ticket with FESCO.
>
> I was hoping this mail would generate some more discussion perhaps with
> other ideas than I've come up with.
>
> If there's continued silence and i686 kernel doesn't get fixed soon,
> I'll fil
On Fri, 22 Jun 2018 08:55:16 -0500
Justin Forbes wrote:
> On Fri, Jun 22, 2018 at 8:49 AM, Rex Dieter
> wrote:
> > Daniel P. Berrangé wrote:
> >
> >> If there's continued silence and i686 kernel doesn't get fixed
> >> soon, I'll file ticket with FESCO asking for i686 arch to be
> >> removed from
On Fri, Jun 22, 2018 at 08:49:04AM -0500, Rex Dieter wrote:
> Daniel P. Berrangé wrote:
>
> > If there's continued silence and i686 kernel doesn't get fixed soon,
> > I'll file ticket with FESCO asking for i686 arch to be removed from
> > main koji and relegated to a secondary koji instance, so i6
On Fri, Jun 22, 2018 at 8:49 AM, Rex Dieter wrote:
> Daniel P. Berrangé wrote:
>
>> If there's continued silence and i686 kernel doesn't get fixed soon,
>> I'll file ticket with FESCO asking for i686 arch to be removed from
>> main koji and relegated to a secondary koji instance, so i686 doesn't
>
Daniel P. Berrangé wrote:
> If there's continued silence and i686 kernel doesn't get fixed soon,
> I'll file ticket with FESCO asking for i686 arch to be removed from
> main koji and relegated to a secondary koji instance, so i686 doesn't
> block maintainers going forward...
Not sure it's as simp
On Mon, Jun 18, 2018 at 02:17:43PM +0100, Tomasz Kłoczko wrote:
> For example in case of have /usr/local/bin/id you can observe that
> gnome-terminal started from command line and GUI menu are altere.
> In other words this effect is literally spreads as well across most of
> the /usr/share/applica
On Sat, Jun 16, 2018 at 01:17:57PM -0400, Nico Kadel-Garcia wrote:
> * Stolen passwords from penetrated hosts, used for SSH connections.
> Copying a file to $HOME/.local/bin requires far less scripting and
> awareness of existing contents than editing of .bashrc or .profile
> that reveals timestam
On Fri, Jun 15, 2018 at 06:56:16PM +0200, Alois Mahdal wrote:
>
>
> On 06/15/2018 11:24 AM, Till Maas wrote:
> > ...]
> >
> >> What I'm trying to say is that with these kinds of attack (like viruses,
> >> or exploits on massively accessed page), there is inevitably going to be
> >> some sort of
On Mon, Jun 18, 2018 at 09:12:35AM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Thu, Jun 14, 2018 at 05:16:31PM +0200, Jan Kurik wrote:
> > The linker can now put all code and read-only data sections into a
> > separate segment with only READ and EXECUTE permissions. All writable
> > data can be
On Thu, Jun 21, 2018 at 07:36:30AM -0700, Laura Abbott wrote:
> On 06/21/2018 01:50 AM, Daniel P. Berrangé wrote:
> > The kernel change that introduced the i686 build problem was just a
> > rebase between 2 arbitrary pre-release git snapshots. I don't really
> > a compelling justification to rebase
36 matches
Mail list logo
