OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Bryan
So glad we don't have these kinds of issues... https://bugzilla.redhat.com/show_bug.cgi?id=534047

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-12 Thread Duncan Patton a Campbell
On Wed, 18 Nov 2009 21:51:03 -0800 Ted Unangst wrote: > > How many people are aware that any X program can listen to the > keystrokes of any other X program? > Any machine running or accessed by an X-machine is fundamentally insecure to whatever level of perms the accessor has. Which doesn

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-12 Thread Lars Nooden
On Sat, 12 Dec 2009, Duncan Patton a Campbell wrote: On Wed, 18 Nov 2009 21:51:03 -0800 Ted Unangst wrote: How many people are aware that any X program can listen to the keystrokes of any other X program? Any machine running or accessed by an X-machine is fundamentally insecure to whatever l

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Duncan Patton a Campbell
On Sat, 12 Dec 2009 23:47:38 +0200 (EET) Lars Nooden wrote: > On Sat, 12 Dec 2009, Duncan Patton a Campbell wrote: > > On Wed, 18 Nov 2009 21:51:03 -0800 > > Ted Unangst wrote: > >> How many people are aware that any X program can listen to the > >> keystrokes of any other X program? > > > > Any

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Ted Unangst
On Sat, Dec 12, 2009 at 4:47 PM, Lars Nooden wrote: > So everything under X should be considered available to everything else > under X. > > I presume new models for displays, or new ways to get some kind of privilege > separation for X, have been discussed to death already. Is there any key > di

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Marc Espie
On Mon, Dec 14, 2009 at 06:08:30AM -0700, Duncan Patton a Campbell wrote: > On Sat, 12 Dec 2009 23:47:38 +0200 (EET) > Lars Nooden wrote: > > On Sat, 12 Dec 2009, Duncan Patton a Campbell wrote: > > > On Wed, 18 Nov 2009 21:51:03 -0800 > > > Ted Unangst wrote: > > >> How many people are aware th

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Bob Beck
> From past experience, I would expect much waving of hands over a two > weeks periods, with lots of expert telling you "It's a complicated problem", > running around in circle finding even MORE complicated problems to solve, > and then things going back to its general state of apathy with respect

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Daniel Ouellet
On 12/14/09 11:43 AM, Bob Beck wrote: From past experience, I would expect much waving of hands over a two weeks periods, with lots of expert telling you "It's a complicated problem", running around in circle finding even MORE complicated problems to solve, and then things going back to its gene

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Bob Beck
> "The Journal Of Child Psychology And Psychiatry has concluded that an > estimated 98 percent of children under the age of 10 are remorseless > sociopaths with little regard for anything other than their own egocentric > interests and pleasures." > > http://www.theonion.com/content/news/new_study_

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Bryan Allen
+-- | On 2009-12-14 10:17:54, Bob Beck wrote: | | > http://www.theonion.com/content/news/new_study_reveals_most_children | | The people who publish such research, and those that read it and find | it "novel" have obviousl

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Bob Beck
> | People are at the core motivated by their own self-interest. Anyone > | who says they aren't is selling something. > > Yes, they're selling hilarity. It's The Onion, after all. Yes, but it's funny because it's true. Even OpenBSD developers are motivated by self interest...Ever wonder why the

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Matthew Szudzik
On Mon, Dec 14, 2009 at 05:03:40PM +0100, Marc Espie wrote: > Considering the design of X, I don't expect any valid security model to emerge > out of it. The "Competitors to X" section of the X11 Wikipedia page has some interesting comments about alternatives to X http://en.wikipedia.org/wiki/X_

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-18 Thread Lars Nooden
Ted Unangst wrote: > On Sat, Dec 12, 2009 at 4:47 PM, Lars Nooden wrote: >> So everything under X should be considered available to everything else >> under X. >> >> I presume new models for displays, or new ways to get some kind of privilege >> separation for X, have been discussed to death alrea

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-12-18 Thread Ted Unangst
On Fri, Dec 18, 2009 at 4:31 PM, Lars Nooden wrote: > Ted Unangst wrote: >> I'm not sure what you're after, but two conceivable starting points >> would be the man pages for xauth and XSelectInput. > > Those help. I'm trying to get an idea, even an abstract one, of how > individual windows could

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Gilles Chehade
On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: > So glad we don't have these kinds of issues... > > https://bugzilla.redhat.com/show_bug.cgi?id=534047 > no one offered a diff to implement that feature on OpenBSD yet ? it can easily be done by writing a sudoKit policy :-) Gilles -- Gil

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Abel Abraham Camarillo Ojeda
On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: > So glad we don't have these kinds of issues... > > https://bugzilla.redhat.com/show_bug.cgi?id=534047 > Wow that's tremendously funny. -- DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ This message will self-destruct in 3

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Bryan
On Wed, Nov 18, 2009 at 16:55, Abel Abraham Camarillo Ojeda wrote: > On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: >> So glad we don't have these kinds of issues... >> >> https://bugzilla.redhat.com/show_bug.cgi?id=534047 >> > > Wow that's tremendously funny. > > -- > DISCLAIMER: http

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Ted Unangst
Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user account on your machine and root? How are you "safe"? On Nov 18, 2009, at 4:

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Theo de Raadt
> Before everyone goes too bonkers, consider exactly how safe/dangerous > this behavior actually is on a single user machine. Food for thought. > > Think to yourself: what *exactly* is the difference between the only > user account on your machine and root? How are you "safe"? Not everyone r

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Martin Schröder
2009/11/19 Ted Unangst : > Think to yourself: what *exactly* is the difference between the only user > account on your machine and root? How are you "safe"? And then you create a guest account on your netbook... Read the comments. There are some interesting exploits for this... Best Martin

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Eric Furman
On Wed, 18 Nov 2009 17:08 -0800, "Bryan" wrote: > On Wed, Nov 18, 2009 at 16:55, Abel Abraham Camarillo Ojeda > wrote: > > On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: > >> So glad we don't have these kinds of issues... > >> > >> https://bugzilla.redhat.com/show_bug.cgi?id=534047 > >> >

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Abel Abraham Camarillo Ojeda
On Wed, Nov 18, 2009 at 05:38:38PM -0800, Ted Unangst wrote: > Before everyone goes too bonkers, consider exactly how safe/dangerous > this behavior actually is on a single user machine. Food for thought. > > Think to yourself: what *exactly* is the difference between the only > user account o

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread James Peltier
--- On Wed, 11/18/09, Bryan wrote: > From: Bryan > Subject: OT: Have you hugged your local OpenBSD dev lately? > To: "Misc OpenBSD" > Received: Wednesday, November 18, 2009, 7:05 PM > So glad we don't have these kinds of > issues... > > https://bug

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Ted Unangst
On Nov 18, 2009, at 5:47 PM, Theo de Raadt wrote: Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user account on your machine

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Ted Unangst
If you give untrusted people unsupervised access to your laptop, I hope you have a better lock than I do. On Nov 18, 2009, at 5:45 PM, Martin Schröder wrote: 2009/11/19 Ted Unangst : Think to yourself: what *exactly* is the difference between the only user account on your machine and root? H

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Ted Unangst
Not a change I would make, but for a desktop? Not a big deal. On Nov 18, 2009, at 5:48 PM, "Eric Furman" wrote: but making it *default* behaviour?? On Wed, 18 Nov 2009 17:38 -0800, "Ted Unangst" wrote: Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actua

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Jacob Meuser
On Wed, Nov 18, 2009 at 05:38:38PM -0800, Ted Unangst wrote: > Before everyone goes too bonkers, consider exactly how safe/dangerous > this behavior actually is on a single user machine. but did they also by default restrict the system to 1 user? it's not so much the idea that's laughable, but

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Ted Unangst
To be sure, I don't think it's the best idea. But practically? For actual users running fedora? I doubt the change makes much difference for many of them. The reason I even brought this up is not because I like the idea, but because I think it is a good opportunity to reflect on what user

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread rhubbell
On Wed, 18 Nov 2009 16:05:04 -0800 Bryan wrote: > So glad we don't have these kinds of issues... New around here, but I'm noticing a lot of tooting of our own horn...so to speak. With all the possible vectors for compromising a system that are available it just sounds naive to keep touting how s

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-19 Thread Aaron Mason
On Thu, Nov 19, 2009 at 5:40 PM, rhubbell wrote: > On Wed, 18 Nov 2009 16:05:04 -0800 > Bryan wrote: > >> So glad we don't have these kinds of issues... > > New around here, but I'm noticing a lot of tooting of our own horn...so to > speak. With all the possible vectors for compromising a system

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-19 Thread rhubbell
On Fri, 20 Nov 2009 12:02:51 +1100 Aaron Mason wrote: > On Thu, Nov 19, 2009 at 5:40 PM, rhubbell wrote: > > On Wed, 18 Nov 2009 16:05:04 -0800 > > Bryan wrote: > > > >> So glad we don't have these kinds of issues... > > > > New around here, but I'm noticing a lot of tooting of our own > > horn..

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-19 Thread Aaron Mason
On Fri, Nov 20, 2009 at 2:06 PM, rhubbell wrote: > On Fri, 20 Nov 2009 12:02:51 +1100 > > Definitely not missing the point. Maybe you missed mine. Not "worrying" > because you trust everything about OpenBSD and everyone that's worked on > it and every package you've installed and every piece of ha

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-19 Thread Rod Whitworth
On Thu, 19 Nov 2009 19:06:53 -0800, rhubbell wrote: 8>< snipped for brevity. >> You miss the point - the reason we toot that particular horn is that >> you don't have to worry about those sorts of things (well, apart from > >Definitely not missing the point. Maybe you missed mine. Not "worrying" >b

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-20 Thread Brad Tilley
On Thu, Nov 19, 2009 at 10:06 PM, rhubbell wrote: > It's naive to point elsewhere and say "see, they're not secure". Other similar systems are not as secure and that has been objectively demonstrated. Here's one example. See the chart at the top of page three: http://research.sun.com/projects/d

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-20 Thread Oliver Peter
On Wed, 18 Nov 2009 16:05:04 -0800 Bryan wrote: > So glad we don't have these kinds of issues... > > https://bugzilla.redhat.com/show_bug.cgi?id=534047 And finally... https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01445.html Good fun though. -- Oliver PETER e

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-20 Thread soko.tica
On 11/20/09, rhubbell wrote: > Definitely not missing the point. Maybe you missed mine. Not "worrying" > because you trust everything about OpenBSD and everyone that's worked on > it and every package you've installed and every piece of hardware you've > installed, etc., etc. It's naive to point

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-24 Thread SJP Lists
2009/11/20 rhubbell : > Definitely not missing the point. Maybe you missed mine. Not "worrying" > because you trust everything about OpenBSD and everyone that's worked on > it and every package you've installed and every piece of hardware you've > installed, etc., etc. It's naive to point elsewhe

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread rhubbell
On Fri, 20 Nov 2009 14:37:36 +1100 Aaron Mason wrote: > On Fri, Nov 20, 2009 at 2:06 PM, rhubbell wrote: > > On Fri, 20 Nov 2009 12:02:51 +1100 > > > > Definitely not missing the point. Maybe you missed mine. Not "worrying" > > because you trust everything about OpenBSD and everyone that's worked

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread rhubbell
On Fri, 20 Nov 2009 15:31:47 +1100 Rod Whitworth wrote: > On Thu, 19 Nov 2009 19:06:53 -0800, rhubbell wrote: > 8>< snipped for brevity. > >> You miss the point - the reason we toot that particular horn is that > >> you don't have to worry about those sorts of things (well, apart from > > > >Defin

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread rhubbell
On Fri, 20 Nov 2009 08:22:45 -0500 Brad Tilley wrote: > On Thu, Nov 19, 2009 at 10:06 PM, rhubbell wrote: > > > It's naive to point elsewhere and say "see, they're not secure". > > Other similar systems are not as secure and that has been objectively > demonstrated. Here's one example. See the

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread rhubbell
On Fri, 20 Nov 2009 18:22:08 +0100 soko.tica wrote: > On 11/20/09, rhubbell wrote: > > Definitely not missing the point. Maybe you missed mine. Not "worrying" > > because you trust everything about OpenBSD and everyone that's worked > > on it and every package you've installed and every piece of

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread rhubbell
On Wed, 25 Nov 2009 00:00:08 +1100 SJP Lists wrote: > 2009/11/20 rhubbell : > > > Definitely not missing the point. Maybe you missed mine. Not "worrying" > > because you trust everything about OpenBSD and everyone that's worked > > on it and every package you've installed and every piece of hardw

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-26 Thread Brad Tilley
On Thu, Nov 26, 2009 at 2:10 PM, rhubbell wrote: > On Fri, 20 Nov 2009 08:22:45 -0500 > Brad Tilley wrote: > >> On Thu, Nov 19, 2009 at 10:06 PM, rhubbell wrote: >> >> > It's naive to point elsewhere and say "see, they're not secure". >> >> Other similar systems are not as secure and that has bee

Re: WAY OT: Have you hugged your local OpenBSD dev lately?

2009-12-14 Thread Paul M
On 15/12/2009, at 7:10 AM, Bob Beck wrote: | People are at the core motivated by their own self-interest. Anyone | who says they aren't is selling something. Yes, they're selling hilarity. It's The Onion, after all. Yes, but it's funny because it's true. Even OpenBSD developers are motivate

Re: WAY OT: Have you hugged your local OpenBSD dev lately?

2009-12-24 Thread Duncan Patton a Campbell
On Tue, 15 Dec 2009 10:39:33 +1300 Paul M wrote: > On 15/12/2009, at 7:10 AM, Bob Beck wrote: > > >> | People are at the core motivated by their own self-interest. Anyone > >> | who says they aren't is selling something. > >> > >> Yes, they're selling hilarity. It's The Onion, after all. > > >