Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Tue, 6 Feb 2018 18:10:25 -0500 Steve Litt wrote: > On Tue, 6 Feb 2018 21:17:21 + > KatolaZ wrote: > > > On Tue, Feb 06, 2018 at 03:57:48PM -0500, Steve Litt wrote: > > > > [cut] > > > > > > > > > > No need to panic Steve :) You are not the only one using rsync, > > > > so I guess it's not going to disappear. > > > > > > Tell that to dedicated users of dracut. > > > > > > > Well, it means that the dracut users were not so "dedicated" :) > > Nothing can stop a motivated user/developer who has access to the > > source code. > > > > > Anyway, I just downloaded rsync-3.1.3.tar.gz and > > > > [cut] > > > > > > > > Anyway, I have the official tarballs for rsync 3.1.3. > > > > > > > Go panic then. That source code of rsync is distributed under the > > terms of GPLv3, and is available in dozen-thousands copies on the > > Internet. Sorry, dozen-thousands-and-one now ;) > > I panicked, went right to work, and now I'm the proud possessor of a > copy of 3.1.3. It will be backed up with all my other data. Think of > it as insurance: I probably would never have needed it, but this way I > sleep better at night. > > According to https://git.samba.org/?p=rsync.git;a=shortlog , it looks > to me like poettering has never committed to rsync, so that's good > news. LOL, I had to take some flack in order to get that URL from the > Samba list, but it's worth it. > > Thanks, > > SteveT > You could just have asked me, I would have provided the link, that way you wouldn't have upset Andrew ;-) Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Wed, 7 Feb 2018 09:14:16 + Rowland Penny wrote: > On Tue, 6 Feb 2018 18:10:25 -0500 > Steve Litt wrote: > > > On Tue, 6 Feb 2018 21:17:21 + > > KatolaZ wrote: > > > > > On Tue, Feb 06, 2018 at 03:57:48PM -0500, Steve Litt wrote: > > > > > > [cut] > > > > > > > > > > > > > No need to panic Steve :) You are not the only one using > > > > > rsync, so I guess it's not going to disappear. > > > > > > > > Tell that to dedicated users of dracut. > > > > > > > > > > Well, it means that the dracut users were not so "dedicated" :) > > > Nothing can stop a motivated user/developer who has access to the > > > source code. > > > > > > > Anyway, I just downloaded rsync-3.1.3.tar.gz and > > > > > > [cut] > > > > > > > > > > > Anyway, I have the official tarballs for rsync 3.1.3. > > > > > > > > > > Go panic then. That source code of rsync is distributed under the > > > terms of GPLv3, and is available in dozen-thousands copies on the > > > Internet. Sorry, dozen-thousands-and-one now ;) > > > > I panicked, went right to work, and now I'm the proud possessor of a > > copy of 3.1.3. It will be backed up with all my other data. Think of > > it as insurance: I probably would never have needed it, but this > > way I sleep better at night. > > > > According to https://git.samba.org/?p=rsync.git;a=shortlog , it > > looks to me like poettering has never committed to rsync, so that's > > good news. LOL, I had to take some flack in order to get that URL > > from the Samba list, but it's worth it. > > > > Thanks, > > > > SteveT > > > > You could just have asked me, I would have provided the link, that way > you wouldn't have upset Andrew ;-) > > Rowland :-) The second I heard KatolaZ say what he said, the only thing on my mind was what happened to Dracut, so I wanted to solve the problem **RIGHT NOW** and forgot you were on the Samba crew. Also, I didn't even know that rsync was maintained by the Samba crew until I was in the thick of it. Andrew impresses me as an easily upsettable fellow, but he gave me the exact info I needed, so I took the tech part of his message to heart and ignored the emotional part. All's well that ends well, I'm sure Andrew will calm down, and it's not like I've had any regular correspondence on the Samba list since 2000. SteveT Steve Litt January 2018 featured book: Troubleshooting: Why Bother? http://www.troubleshooters.com/twb ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Wed, 7 Feb 2018 12:19:10 +0800, Brad wrote in message : > On 07/02/18 07:10, Steve Litt wrote: > > > According to https://git.samba.org/?p=rsync.git;a=shortlog , it > > looks to me like poettering has never committed to rsync, so that's > > good news. ..other names to look out for? ..git clone https://git.samba.org/rsync-web.git &&sgml2txt \ rsync-web/rsync-and-debian/rsync-and-debian.sgml && less \ rsync-and-debian.txt to see a suspiciously old story... > > LOL, I had to take some flack in order to get that URL > > from the Samba list, but it's worth it. > > I'm not trying to be rude Steve, but that post to the SAMBA mailing > list kinda makes you come off like a raving lunatic. I thought they > let you off relatively lightly. > > A quick google for the RSYNC repository, and a quick browse of the > tree would have answered your question without even bothering the > SAMBA list. Not only that, but a git clone would give you a complete > and unmolested archive up to the minute. ..ok, I'll bite, I have rsync.git and rsync-web.git cloned, how do I clone rsync-patches.git? ..according to https://rsync.samba.org/download.html, not neccessarily possible to clone with git clone: "Source repository patches There are also various patch files in the "rsync-patches.git" repository that represent either some work-in-progress features or features that are considered to be a little too fringe-interest for the main release. You can use gitweb to browse the latest patches. Each branch in the patches repository matches the branch of the same name in the main repository, so "master" matches "master", and "b3.0.x" matches "b3.0.x"." -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On 07/02/2018 12:24 μμ, Steve Litt wrote: The second I heard KatolaZ say what he said, the only thing on my mind was what happened to Dracut, so I wanted to solve the problem **RIGHT NOW** and forgot you were on the Samba crew. What happened to dracut? I am using the latest (0.46) version on voidlinux, source downloads are available from the project [1] as is the git repo [2]... __ [1] https://www.kernel.org/pub/linux/utils/boot/dracut/ [2] https://git.kernel.org/pub/scm/boot/dracut/dracut.git/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] heads still active?
Hi! I wonder, is heads https://heads.dyne.org still mantained? If yes, will there be new version with meltdown patches? Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] git - gnutls_handshake() failed
Hello all, Would someone on Ascii please try cloning this repo and reply? I'm getting a gnutls error and not sure where to look for the problem. Thanks $ git clone https://github.com/Eronarn/deploying-applications-with-ansible Cloning into 'deploying-applications-with-ansible'... fatal: unable to access 'https://github.com/Eronarn/deploying-applications-with-ansible/': gnutls_handshake() failed: Public key signature verification has failed. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] git - gnutls_handshake() failed
On 02/07/2018 01:23 PM, dev wrote: Hello all, Would someone on Ascii please try cloning this repo and reply? I'm getting a gnutls error and not sure where to look for the problem. Thanks $ git clone https://github.com/Eronarn/deploying-applications-with-ansible Cloning into 'deploying-applications-with-ansible'... fatal: unable to access 'https://github.com/Eronarn/deploying-applications-with-ansible/': gnutls_handshake() failed: Public key signature verification has failed. This is probably caused by an old library stuck in your system from jessie, I had the same, you might be seeing this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834724 Check if you have libgnutls-deb0-28 installed and remove it. If it would uninstall more packages, you may have mixed repositories (I had packages installed from debian-multimedia causing this) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Héctor González ca...@genac.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] git - gnutls_handshake() failed
On 02/07/2018 01:52 PM, Hector Gonzalez wrote: > > Check if you have libgnutls-deb0-28 installed and remove it. Thanks, That appears to be the case: https://imgur.com/a/t477j ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Wed, 7 Feb 2018 21:06:48 +0200 mobinmob wrote: > On 07/02/2018 12:24 μμ, Steve Litt wrote: > > The second I heard KatolaZ say what he said, the only thing on my > > mind was what happened to Dracut, so I wanted to solve the problem > > **RIGHT NOW** and forgot you were on the Samba crew. > What happened to dracut? > I am using the latest (0.46) version on voidlinux, source downloads > are available from the project [1] > as is the git repo [2]... I can't find a web reference to this anymore, but as I remember when Redhat took over dracut (I guess they're no longer in charge of it), they emptied dracut's git repositories and started from scratch, so there was no way to get pre-redhat dracut. At least, that's how I remember it happening. SteveT Steve Litt January 2018 featured book: Troubleshooting: Why Bother? http://www.troubleshooters.com/twb ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Wed, 7 Feb 2018 15:57:29 -0500 Steve Litt wrote: > > What happened to dracut? > > I am using the latest (0.46) version on voidlinux, source downloads > > are available from the project [1] > > as is the git repo [2]... > > I can't find a web reference to this anymore, but as I remember when > Redhat took over dracut (I guess they're no longer in charge of it), > they emptied dracut's git repositories and started from scratch, so > there was no way to get pre-redhat dracut. > > At least, that's how I remember it happening. Either I was wrong, or the dracut problem was subsequently corrected. Looking at https://git.samba.org/?p=rsync.git;a=shortlog, I see that it goes back wy before 2014. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On 08/02/18 02:02, Arnt Karlsen wrote: ..ok, I'll bite, I have rsync.git and rsync-web.git cloned, how do I clone rsync-patches.git? git clone git://git.samba.org/rsync-patches.git ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] forum registration
I don't really do IRC, mainly because most development channels are on Freenode - Freenode famously blocks Tor unilaterally. You pretty much cannot get on Freenode via Tor without some proxy gymnastics. Freenode blocks a lot of other proxies as well, so even that is a significant hurdle. I'm not sure how it handles VPNs but I don't have any of those they couldn't help in my case anyway. I was just hoping an admin could set me up an account and afterwards I could change the password! Lol. I don't need anyone to re-code the spam blocking implementation. Honestly it seems like a decent interim solution to just suggest that Tor users must contact an admin to set up an account. I personally don't mind the extra step at all. Thanks to everyone for discussing this though. gl Original Message On February 3, 2018 10:55 PM, wrote: >On 2018-02-03 16:32, Adam Borowski wrote: >>On Sat, Feb 03, 2018 at 12:38:49PM -0600, goli...@dyne.org wrote: >>>On 2018-02-03 11:18, taii...@gmx.com wrote: On 02/03/2018 07:14 AM, Arnt Karlsen wrote: >..some people HAVE to use Tor, because their lives depends on it. >..and, we need a backup plan whenever Tor fails. > Again a life and death issue. > And there should not ever be a debate as to if someone "needs" it. >Asking a few simple questions about the distro would be an effective spam filter without discrimination. Our spam setup has blocked about 29700 spammers in the last year and >>> not one >>> spammer has gotten through. Only about a dozen folks have had >>> problems >>> registering. So our system is effective and not going anywhere. We >>> also >>> have questions BTW and before we upgraded our line of defense, >>> spammers were >>> still getting through. >>>Including "please ask on IRC for registration" in the error message >> sounds >> like a good alternative for those who for whatever reason believe they >> need >> to use Tor (be their fear warranted or not, it's not our duty to >> judge). >> > Great minds! We just now decided to send them to freenode IRC #d1g-users > in that automated message. I'm hoping to see 'ghostlands' pop up there > soon. > >>An automated exception system takes hours to code, and, as you just >> mentioned, was not 100% effective. A human, on the other hand, has >> natural >> detection of all bulk abuse attempts, and will let through at most an >> individual abuser, who could have easily registered anyway. >> > Ralph is a wizard at cobbling anti-spam stuff together. It has, with a > few exceptions, been trouble-free and 100% effective. I may be wrong but > iirc the setup didn't take that long to put in place. (golinux sends > some virtual ice cream to Ralph.) > > golinux > > >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Preserving rsync: was systemd local privilege escalation (CVE-2017-18078)
On Thu, 8 Feb 2018 11:57:32 +0800, Brad wrote in message : > On 08/02/18 02:02, Arnt Karlsen wrote: > > > ..ok, I'll bite, I have rsync.git and rsync-web.git cloned, > > how do I clone rsync-patches.git? > > > git clone git://git.samba.org/rsync-patches.git ..duh, git clone https://git.samba.org/rsync-patches.git fails, your git:// version actually works. Thanks. :o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] forum registration
It seems dev1galaxy.org is suffering a DNS issue at the moment; it'll hopefully sorted out in a few hours, but until then the forum may be unreachable. Ralph. ghostlands wrote on 08/02/18 15:37: I don't really do IRC, mainly because most development channels are on Freenode - Freenode famously blocks Tor unilaterally. You pretty much cannot get on Freenode via Tor without some proxy gymnastics. Freenode blocks a lot of other proxies as well, so even that is a significant hurdle. I'm not sure how it handles VPNs but I don't have any of those they couldn't help in my case anyway. I was just hoping an admin could set me up an account and afterwards I could change the password! Lol. I don't need anyone to re-code the spam blocking implementation. Honestly it seems like a decent interim solution to just suggest that Tor users must contact an admin to set up an account. I personally don't mind the extra step at all. Thanks to everyone for discussing this though. gl Original Message On February 3, 2018 10:55 PM, wrote: On 2018-02-03 16:32, Adam Borowski wrote: On Sat, Feb 03, 2018 at 12:38:49PM -0600, goli...@dyne.org wrote: On 2018-02-03 11:18, taii...@gmx.com wrote: On 02/03/2018 07:14 AM, Arnt Karlsen wrote: ..some people HAVE to use Tor, because their lives depends on it. ..and, we need a backup plan whenever Tor fails. Again a life and death issue. And there should not ever be a debate as to if someone "needs" it. Asking a few simple questions about the distro would be an effective spam filter without discrimination. Our spam setup has blocked about 29700 spammers in the last year and not one spammer has gotten through. Only about a dozen folks have had problems registering. So our system is effective and not going anywhere. We also have questions BTW and before we upgraded our line of defense, spammers were still getting through. Including "please ask on IRC for registration" in the error message sounds like a good alternative for those who for whatever reason believe they need to use Tor (be their fear warranted or not, it's not our duty to judge). Great minds! We just now decided to send them to freenode IRC #d1g-users in that automated message. I'm hoping to see 'ghostlands' pop up there soon. An automated exception system takes hours to code, and, as you just mentioned, was not 100% effective. A human, on the other hand, has natural detection of all bulk abuse attempts, and will let through at most an individual abuser, who could have easily registered anyway. Ralph is a wizard at cobbling anti-spam stuff together. It has, with a few exceptions, been trouble-free and 100% effective. I may be wrong but iirc the setup didn't take that long to put in place. (golinux sends some virtual ice cream to Ralph.) golinux Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] forum registration
I currently have no profile at the forums anyway :) Btw fyi: I keep getting this error from my provider - "This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded!" Thanks for the heads up. gl Original Message On February 8, 2018 6:35 AM, Ralph Ronnquist wrote: >It seems dev1galaxy.org is suffering a DNS issue at the moment; it'll > hopefully sorted out in a few hours, but until then the forum may be > unreachable. > > Ralph. > > ghostlands wrote on 08/02/18 15:37: >>I don't really do IRC, mainly because most development channels are on >>Freenode - Freenode famously blocks Tor unilaterally. You pretty much cannot >>get on Freenode via Tor without some proxy gymnastics. Freenode blocks a lot >>of other proxies as well, so even that is a significant hurdle. I'm not sure >>how it handles VPNs but I don't have any of those they couldn't help in my >>case anyway. >>I was just hoping an admin could set me up an account and afterwards I could >>change the password! Lol. I don't need anyone to re-code the spam blocking >>implementation. >>Honestly it seems like a decent interim solution to just suggest that Tor >>users must contact an admin to set up an account. I personally don't mind the >>extra step at all. >>Thanks to everyone for discussing this though. >>gl >> >> Original Message >> On February 3, 2018 10:55 PM, goli...@dyne.org wrote: >>>On 2018-02-03 16:32, Adam Borowski wrote: On Sat, Feb 03, 2018 at 12:38:49PM -0600, goli...@dyne.org wrote: >On 2018-02-03 11:18, taii...@gmx.com wrote: >>On 02/03/2018 07:14 AM, Arnt Karlsen wrote: >>>..some people HAVE to use Tor, because their lives depends on it. >>> ..and, we need a backup plan whenever Tor fails. >>> Again a life and death issue. >>> And there should not ever be a debate as to if someone "needs" it. >>> Asking a few simple questions about the distro would be an effective >>> spam filter without discrimination. >>> Our spam setup has blocked about 29700 spammers in the last year and >>> not one >>> spammer has gotten through. Only about a dozen folks have had >>> problems >>> registering. So our system is effective and not going anywhere. We >>> also >>> have questions BTW and before we upgraded our line of defense, >>> spammers were >>> still getting through. >>> Including "please ask on IRC for registration" in the error message >>> sounds >>> like a good alternative for those who for whatever reason believe they >>> need >>> to use Tor (be their fear warranted or not, it's not our duty to >>> judge). >>> >> > Great minds! We just now decided to send them to freenode IRC #d1g-users >>> in that automated message. I'm hoping to see 'ghostlands' pop up there >>> soon. An automated exception system takes hours to code, and, as you just mentioned, was not 100% effective. A human, on the other hand, has natural detection of all bulk abuse attempts, and will let through at most an individual abuser, who could have easily registered anyway. Ralph is a wizard at cobbling anti-spam stuff together. It has, with a >>> few exceptions, been trouble-free and 100% effective. I may be wrong but >>> iirc the setup didn't take that long to put in place. (golinux sends >>> some virtual ice cream to Ralph.) >>>golinux >>>Dng mailing list >>>Dng@lists.dyne.org >>>https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >>> >>Dng mailing list >>Dng@lists.dyne.org >>https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >> >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
