Re: [DNG] Contents available at packages.devuan.org and *.mirror.devuan.org

2018-10-09 Thread Ozi Traveller 
I was just wondering whether the changes/updates/improvments with regard to
the repos, will also include the regular updating of the Packages.gz files.

http://deb.devuan.org/merged//dists/jessie/main/debian-installer/binary-amd64/Packages.gz



On Tue, Oct 9, 2018 at 3:47 PM KatolaZ  wrote:

> On Tue, Oct 09, 2018 at 06:07:27AM +1100, Ozi Traveller wrote:
> > Would this also include the Packages.gz for the installer udebs as well?
> >
> > ozi
> >
>
> Please define "this"... :)
>
> HND
>
> KatolaZ
>
> --
> [ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]
> [ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
> [   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
> [ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ]
> [ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Etherape's permissions and Linux Capabilities

2018-10-09 Thread Alessandro Selli 
On 03/10/18 at 01:34, Alessandro Selli wrote:
> On 19/09/18 at 18:47, Alessandro Selli wrote:
>> On 19/09/18 at 14:07, m712 wrote:
>>> On September 18, 2018 1:31:56 PM GMT+03:00, Alessandro Selli 
>>>  wrote:
   Hello,

     I recently installed etherape 0.9.13-1+b1 and found out it could
 not
 do anything when run as an unprivileged user:


 Error opening eth0 : eth0: You don't have permission to capture on that
 device (socket: Operation not permitted) - perhaps you need to be root?


   I could find an "EtherApe (as root)" menu item in my desktop's menu
 under System, but it asks for the superuser's password and I don't like
 that.

   I then run the following command as root:


 setcap CAP_NET_RAW=pe /usr/bin/etherape


   And i can now run etherape as a regular user without entering the
 superuser's password or setting the binary SUID root.

   Could this be make a default setting at package installation, or at
 least could there be some reference to this setting in the package info
 and/or in the command man page?
>>> I agree that this should be a package default, not just here but on 
>>> Debian's side too. Would you like to contact the maintainer or should I?
>>>
>>>m712
>>   For once I'll put aside my laziness and do it myself.  ☺
>>
>>  Thank you anyway.
>>
>>
>> Alessandro
>   OK, Debian package maintainer Frederic Peters asked me to open a new
> bug.  It is bug #910117:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910117
>
>
>   Bye


  They threw it out of the window:


tag #910117 + wontfix
thanks



 From: Patrick_Matthäi 


> Am 04.10.2018 um 09:43 schrieb Laurent Bigonville:

>> My 2¢ here, but su-to-root requires the user to enter the root
>> password of the machine.
>>
>> Adding the capability to the file, will allow any user to run etherape
>> and get information about the network traffic.
>>
>> Isn't that a bigger security issue to allow this by default?
> Hi,
> yes it is and that would be a blocking bug.
> Users should do it on their own, if they think this is correct in their
> scenario. Else etherape  would be a trojan sniffer


  To me a sniffer is a program that can capture and analyze packets'
contents, which in my understanding etherape does not do, as it just
represents graphically TCP/IP connections, data that could be displayed
with ss or netstat, plus traffic volume information.

  But maybe it could, and that's the point about not installing it with
capabilities set.

  Oh well, whatever.



-- 
Alessandro Selli 
Tel. 3701355486
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Restricting user capabilities after ssh login

2018-10-09 Thread taii...@gmx.com 
You can use apparmor to do this quite easily - afaik there are a few
tutorials for it.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Restricting user capabilities after ssh login

2018-10-09 Thread Lars Noodén 
On 10/10/18 12:38 AM, taii...@gmx.com wrote:
> You can use apparmor to do this quite easily - afaik there are a few
> tutorials for it.

Last I checked, apparmor does not function with Devuan:

# /etc/init.d/apparmor start
/etc/init.d/apparmor: 130: /etc/init.d/apparmor:
systemd-detect-virt: not found

Starting AppArmor profiles:AppArmor not available as kernel
LSM.. failed!


/Lars


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng