Hendrik Boom hend...@topoi.pooq.com writes:
On Thu, Jul 30, 2015 at 10:28:30AM +0100, Rainer Weikusat wrote:
[sudo/ PATH]
Also, the Debian default configuration
contains a
Defaults
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which means the user
On Thu, Jul 30, 2015 at 10:28:30AM +0100, Rainer Weikusat wrote:
Didier Kryn k...@in2p3.fr writes:
Le 29/07/2015 16:35, a...@gulbrandsen.priv.no a écrit :
Every last problem of sudo is taken seriously? Did you know that if
someone has limited access, e.g. the right to install standard
On Thu, Jul 30, 2015 at 10:39:22PM +0200, Didier Kryn wrote:
Le 30/07/2015 01:09, Isaac Dunham a écrit :
I'm not sure where in the discussion this fits, but I thought I'd mention
it here:
Permitting all mount invocations via sudo does have a potential security
hole if your mount
Le 30/07/2015 11:28, Rainer Weikusat a écrit :
Didier Kryn k...@in2p3.fr writes:
Le 29/07/2015 16:35, a...@gulbrandsen.priv.no a écrit :
Every last problem of sudo is taken seriously? Did you know that if
someone has limited access, e.g. the right to install standard
packages, then it is easy
On Thu, 30 Jul 2015 09:18:16 -0400 (EDT)
Rob Owens row...@ptd.net wrote:
Another reason not to give users wholesale access to the mount
command is that they could then 'mount -o remount,rw' any filesystem
that the administrator has mounted read-only. To protect against
this, I think you
On Sat, 1 Aug 2015 05:13:46 -0400
Renaud (Ron) OLGIATI ren...@olgiati-in-paraguay.org wrote:
If I wanted my users to use sudo, I would install them *ubuntu...
:-)
Wait a minute. You can't do that.
* If I wanted my children to breath, I'd give them oxygen tanks.
* If I wanted to spend my
On Fri, Jul 31, 2015 at 10:47:29AM +0100, Rainer Weikusat wrote:
A daemon process should only exist because it provides some important
functionality with a real benefit for users of the system which cannot
(reasonably) be provided in some other way, eg, by starting a program to
perform a
Le 30/07/2015 01:09, Isaac Dunham a écrit :
On Thu, Jul 30, 2015 at 12:40:33AM +0200, Didier Kryn wrote:
I don't understand the preventions against sudo. It is just up to the
administrator to take care, like for everything.
Wether execution of the command is allowed by sudo, by a
On Wed, 29 Jul 2015 19:44:44 +0200
Jaromil jaro...@dyne.org wrote:
I mean: what would you suggest using for the
check a FIFO bit you mention?
pcre? perhaps very clean simple code?
most code out there has too many features
and is too ambitions to fulfill such a simple task
The first word is
If I was about to make a friendly for me Desktop, I would provide a
system service/library/daemon/whatever, where every application while
installing on the system could register (during installation) a set of
commands to be executed later with root privileges. And later ask for
execution of those
Hi Jaromil!
Jaromil wrote on 29/07/2015 at 19:44 CEST:
[...]
how I do it now? hardcode every single binary
that sudo is aloud to execute, full path
and locations that are only root writable.
that's a sudoers feature...
This is how I personally see it: In an ideal environment,
there were *no*
Laurent Bercot ska-de...@skarnet.org writes:
[...]
I think I speak for most people here when I say we dislike
the quantity of undocumented daemons running
on on gnu/Linux desktop nowadays and
I hope we can trim that down with Devuan
The real sticking point in what you just wrote is
- Original Message -
From: Isaac Dunham ibid...@gmail.com
I'm not sure where in the discussion this fits, but I thought I'd mention
it here:
Permitting all mount invocations via sudo does have a potential security
hole if your mount implementation supports FUSE, as you can run an
Le 30/07/2015 01:30, Laurent Bercot a écrit :
I think most people wouldn't mind a pandemonium on their machine IF
they knew exactly what daemon is doing what, how many resources a
daemon consumes, and how to disable the ones they don't need.
Yes, it is mostly a question of book-keeping,
On 31/07/2015 11:47, Rainer Weikusat wrote:
But that's not a good reason for it being installed and running: A
daemon process should only exist because it provides some important
functionality with a real benefit for users of the system which cannot
(reasonably) be provided in some other way
If I wanted my users to use sudo, I would install them *ubuntu...
Cheers,
Ron.
--
Schroedinger thought inside the box.
-- http://www.olgiati-in-paraguay.org --
___
Dng
IMHO automount for desktop is a helper for a user running some X
session. Usually that means that a single person is using this system.
So make him a helper which can do automount/autorun etc which helps
him on a daily basis. Helps him not the admin of the system. A simple
one which is a helper,
Hi,
Laurent Bercot wrote on 29/07/2015 at 17:34 CEST:
On 29/07/2015 17:07, tilt! wrote:
I am certain there is a way of solving this automounting
problem (if I may call it that) cleanly, without the use
of either of them. :-)
There is a way to solve (almost) every suid issue
cleanly,
On Wed, 29 Jul 2015 17:07:32 +0200
tilt! t...@linuxfoo.de wrote:
I am certain there is a way of solving this automounting
problem (if I may call it that) cleanly, without the use
of either of them. :-)
Yes, a daemon running as root could do it. And if the daemon does
nothing but observe
On 29/07/2015 17:07, tilt! wrote:
I am certain there is a way of solving this automounting
problem (if I may call it that) cleanly, without the use
of either of them. :-)
There is a way to solve (almost) every suid issue cleanly, but
it requires running a small additional daemon for every
Arnt Gulbrandsen a...@gulbrandsen.priv.no writes:
Steve Litt writes:
I repeat my question: Do you have first hand knowledge indicating that
polkit is any safer?
No, I do not. But unlike sudo, I am not aware of any weaknesses in its
core design either.
You wrote that sudo would keep the PATH
On Wed, 29 Jul 2015 11:04:22 -0400 (EDT)
Rob Owens row...@ptd.net wrote:
Spacefm has the ability to use several different methods to
mount removable media. If you install either pmount or udevil,
it can use them. By default, I believe it automatically
chooses which method it wants to use,
Steve Litt writes:
I repeat my question: Do you have first hand knowledge indicating that
polkit is any safer?
No, I do not. But unlike sudo, I am not aware of any weaknesses in its core
design either.
Arnt
___
Dng mailing list
Dng@lists.dyne.org
On 29/07/2015 16:02, kpb wrote:
That is a really interesting way of looing at things, thanks for the mental
prompt.
It's an elementary design principle: separate the engine from the interface.
I very much hope people who design GUIs keep it in mind.
How would you deal with providing
On Wed, 29 Jul 2015 18:41:36 +0200
Laurent Bercot ska-de...@skarnet.org wrote:
I know the advantages of the daemon approach, I use it myself and
advocate it any chance I get. Unfortunately, I have found that many
users are reluctant to add yet another daemon to their systems, no
matter how
Le 29/07/2015 16:35, a...@gulbrandsen.priv.no a écrit :
Every last problem of sudo is taken seriously? Did you know that if
someone has limited access, e.g. the right to install standard
packages, then it is easy to leverage that to get complete access.
Various packages run programs in $PATH
On July 29, 2015 7:17:23 PM GMT+02:00, Steve Litt sl...@troubleshooters.com
wrote:
On Wed, 29 Jul 2015 17:07:32 +0200
tilt! t...@linuxfoo.de wrote:
I am certain there is a way of solving this automounting
problem (if I may call it that) cleanly, without the use
of either of them. :-)
I am certain there is a way of solving this automounting
problem (if I may call it that) cleanly, without the use
of either of them. :-)
Yes, a daemon running as root could do it. And if the daemon does
nothing but observe inotify and dmesg, perhaps check a fifo for devices
to be
On Thu, Jul 30, 2015 at 12:40:33AM +0200, Didier Kryn wrote:
I don't understand the preventions against sudo. It is just up to the
administrator to take care, like for everything.
Wether execution of the command is allowed by sudo, by a setuid bit or
by policykit does not change the
On 29/07/2015 19:44, Jaromil wrote:
IMHO the bigger barrier to this is not having
a string parsing code (or basic grammar)
that is security oriented, I mean hardened
to run as root and handle corner cases
The tool I linked does no parsing at all. The user gives the end
of the command line she
Le 28/07/2015 21:17, Hendrik Boom a écrit :
Once, an icon for the device would appear on my screen that I
could click to mount.
This feature is working very well with xfce4 on Debian Wheezy. If
the partitions on the USB disk are labelled, they get mountpoints by the
label, on /media. This
Hi,
Steve Litt wrote on 29/07/2015 at 06:25 CEST:
[...]
Meanwhile, as far as I can see, their entanglement with
polkit does nothing more than my idea about sudo.
Does anyone see any reason why polkit should be assumed
more secure than sudo?
I don't know about polkit, but sudoers(5) is a
Le 29/07/2015 14:15, Hendrik Boom a écrit :
On Wed, Jul 29, 2015 at 10:08:56AM +0200, Didier Kryn wrote:
Le 28/07/2015 21:17, Hendrik Boom a écrit :
Once, an icon for the device would appear on my screen that I
could click to mount.
This feature is working very well with xfce4 on Debian
On Wed, 29 Jul 2015 10:21:37 +0200
tilt! t...@linuxfoo.de wrote:
Hi,
Steve Litt wrote on 29/07/2015 at 06:25 CEST:
[...]
Meanwhile, as far as I can see, their entanglement with
polkit does nothing more than my idea about sudo.
Does anyone see any reason why polkit should be assumed
On Wed, Jul 29, 2015 at 10:08:56AM +0200, Didier Kryn wrote:
Le 28/07/2015 21:17, Hendrik Boom a écrit :
Once, an icon for the device would appear on my screen that I
could click to mount.
This feature is working very well with xfce4 on Debian Wheezy.
If the partitions on the USB disk are
- Original Message -
From: kpb k...@sohcahtoa.org.uk
Rob Owens row...@ptd.net wrote:
Before I stopped using Jessie, I had USB mounting working
with the spacefm file manager and either udevil or pmount to
handle the removable devices. Let me know if anybody wants
instruction on
Hi Steve,
Steve Litt wrote on 29/07/2015 at 15:35 CEST:
On Wed, 29 Jul 2015 10:21:37 +0200
Steve Litt wrote on 29/07/2015 at 06:25 CEST:
[...]
Meanwhile, as far as I can see, their entanglement with
polkit does nothing more than my idea about sudo.
Does anyone see any reason why polkit should
Every last problem of sudo is taken seriously? Did you know that if
someone has limited access, e.g. the right to install standard
packages, then it is easy to leverage that to get complete access.
Various packages run programs in $PATH as root, Firefox comes to mind,
so just prepare $PATH and
On Wed, 29 Jul 2015 16:35:56 +0200
a...@gulbrandsen.priv.no wrote:
Every last problem of sudo is taken seriously? Did you know that if
someone has limited access, e.g. the right to install standard
packages, then it is easy to leverage that to get complete access.
Various packages run
On Wed, 29 Jul 2015 08:18:33 +0100
kpb k...@sohcahtoa.org.uk wrote:
and being able to add *GUI initiated* mount/unmount (say by clicking
on a volume name in the file manager) would be a real advance over
pmount in a terminal window.
The preceding is a matter of opinion and dependent on one's
On Tue, Jul 28, 2015 at 01:08:26PM -0700, Gregory Nowak wrote:
On Tue, Jul 28, 2015 at 03:17:11PM -0400, Hendrik Boom wrote:
Of course I have to guess whether the device has
been plugged in as /dev/sdb, or /dev/sde, or whatever. In case of
(frequent) doubt, I switch to a root console
level of control for
admins, I don't have a problem with it.
Thoughts?
From: Hendrik Boommailto:hend...@topoi.pooq.com
Sent: 7/28/2015 7:45 PM
To: dng@lists.dyne.orgmailto:dng@lists.dyne.org
Subject: Re: [DNG] automount, mount, and USB sticks
On Tue, Jul 28, 2015
On Tue, 28 Jul 2015 20:09:06 -0700
James Powell james4...@hotmail.com wrote:
From: Hendrik Boommailto:hend...@topoi.pooq.com
Sent: 7/28/2015 7:45 PM
To: dng@lists.dyne.orgmailto:dng@lists.dyne.org
Subject: Re: [DNG] automount, mount, and USB sticks
integration.
-Jude
--
From: Hendrik Boom hend...@topoi.pooq.com
Sent: 7/28/2015 7:45 PM
To: dng@lists.dyne.org
Subject: Re: [DNG] automount, mount, and USB sticks
On Tue, Jul 28, 2015 at 01:08:26PM -0700, Gregory Nowak wrote:
On Tue, Jul 28, 2015 at 03:17:11PM
On Tue, Jul 28, 2015 at 09:29:09AM +0100, kpb wrote:
On Tue, 28 Jul 2015 00:09:45 -0400
Steve Litt sl...@troubleshooters.com wrote:
Cheer up Svante. This isn't for your corporation's web servers, it's
for the guy with a desktop, the system's only user, a guy who already
has root but just
On Tue, Jul 28, 2015 at 03:17:11PM -0400, Hendrik Boom wrote:
Of course I have to guess whether the device has
been plugged in as /dev/sdb, or /dev/sde, or whatever. In case of
(frequent) doubt, I switch to a root console with control-alt-F1 and a
login, unplug the device, and plug it in
46 matches
Mail list logo