On Thu, 2021-08-12 at 08:32 +0200, Vincent Bernat wrote:
> I give myself passwordless sudo to "apt update" (without additional
> options), "apt upgrade" (same), "apt full-upgrade" (same). I was
> thinking this should be safe, but now I need to check if the pager is
> properly restricted when displ
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name: puppet-module-mistral
Version : 18.4.0
Upstream Author : OpenStack Discuss
* URL : https://opendev.org/openstack/puppet-mistral
* License : Apach
❦ 12 August 2021 10:31 +02, Ansgar:
>> I give myself passwordless sudo to "apt update" (without additional
>> options), "apt upgrade" (same), "apt full-upgrade" (same). I was
>> thinking this should be safe, but now I need to check if the pager is
>> properly restricted when displaying NEWS file
On 2021-08-12 08:32, Vincent Bernat wrote:
❦ 12 August 2021 10:39 +05, Andrey Rahmatullin:
I just ran across this article
https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I
tested
the attacks on Debian 11 and they work successfully giving me a root
shell prompt.
I don't think cal
On 12 August 2021 8:51:55 AM IST, Timothy M Butterworth wrote:
>I am fine with Debian's release cycle but it would be nice to see more
>packages. For example Debian is missing KDE's Amarok music manager. I
>am happy to see Debian 11 gained KDE Elisa music manager. I am sad to
>see that Virtual
On Wednesday 11 August 2021, 14:00:37 UTC Steve McIntyre wrote:
> On Tue, Aug 10, 2021 at 03:19:10PM -0700, Josh Triplett wrote:
> >Bastien Roucariès wrote:
> >> I am going to compile shell.efi from source.
> >>
> >> I wish to install to something stable, but I need an arch triplet in
> >> order
On Thursday 12 August 2021, 09:52:53 UTC Bastien Roucariès wrote:
> On Wednesday 11 August 2021, 14:00:37 UTC Steve McIntyre wrote:
> > On Tue, Aug 10, 2021 at 03:19:10PM -0700, Josh Triplett wrote:
> > >Bastien Roucariès wrote:
> > >> I am going to compile shell.efi from source.
> > >>
> > >> I whi
Hi,
On 2021-08-12 2:25 a.m., Brian Thompson wrote:
> On Thu, 2021-08-12 at 11:19 +0500, Andrey Rahmatullin wrote:
>> On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
>>> Would you agree that there is an issue with sudo access that is
>>> enabled
>>> by default on most Debian and Deb
On 2021-08-12 12:23, Polyna-Maude Racicot-Summerside wrote:
Now if people start doing stuff they don't master then it's not
privilege escalation but much more something like another manifestation
of human stupidity. And this, there won't be a number of articles
sufficient to make people change.
[
On Thu, Aug 12, 2021 at 08:32:14AM +0200, Vincent Bernat wrote:
> ❦ 12 August 2021 10:39 +05, Andrey Rahmatullin:
> >> I just ran across this article
> >> https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> >> the attacks on Debian 11 and they work successfully giving me a roo
On Thursday 12 August 2021, 10:16:45 UTC Bastien Roucariès wrote:
> On Thursday 12 August 2021, 09:52:53 UTC Bastien Roucariès wrote:
> > On Wednesday 11 August 2021, 14:00:37 UTC Steve McIntyre wrote:
> > > On Tue, Aug 10, 2021 at 03:19:10PM -0700, Josh Triplett wrote:
> > > >Bastien Roucariès wrote:
On 8/12/21 2:32 AM, Vincent Bernat wrote:
❦ 12 August 2021 10:39 +05, Andrey Rahmatullin:
I just ran across this article
https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
the attacks on Debian 11 and they work successfully giving me a root
shell prompt.
I don't think cal
On Thu, Aug 12, 2021 at 08:35:42AM -0400, Kyle Edwards wrote:
> > > > I just ran across this article
> > > > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> > > > the attacks on Debian 11 and they work successfully giving me a root
> > > > shell prompt.
> > > I don't think
> The focus of the article is "sudo access *only* to apt". When we talk
> about unrestricted sudo access it doesn't even make sense to talk about
> privilege escalation because unrestricted sudo is by design a privilege
> escalation.
Similarly, sudo access *only* to bash enables execution of loads
On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
> Would you agree that there is an issue with sudo access that is enabled
> by default on most Debian and Debian-based distributions? The bug may
> not be in apt, but it definitely lives somewhere.
if those users are not trustworthy t
Hi,
11/08/2021 16:08, Vincent Bernat :
> I think we have more systemic issues. I am quite impressed how Nix/NixOS
> is able to pull so many packages and modules with so few people. But
> they use only one workflow, one way to package, one init system, etc.
> Looking at Arch, one workflow, one way
On Thu, 12 Aug 2021 13:44:24 +0200, Philipp Kern
wrote:
>On 2021-08-12 12:23, Polyna-Maude Racicot-Summerside wrote:
>> Now if people start doing stuff they don't master then it's not
>> privilege escalation but much more something like another manifestation
>> of human stupidity. And this, there
On Thu, Aug 12, 2021 at 01:19:23PM +, Holger Levsen wrote:
> if those users are not trustworthy then the bug is giving them sudo,
> nothing else. (Debian does not give sudo to users by default. The default
> is to set a root password.)
>
> if you give someone a gun for hunting (animals) and th
On 2021-08-12 17:56, Marc Haber wrote:
On Thu, 12 Aug 2021 13:44:24 +0200, Philipp Kern
wrote:
On 2021-08-12 12:23, Polyna-Maude Racicot-Summerside wrote:
Now if people start doing stuff they don't master then it's not
privilege escalation but much more something like another
manifestation
o
Philipp Kern writes:
> You know that this is a bad idea (granting sudo to apt without a
> wrapper). I know that this is a bad idea. That was my point. Plus that
> this is a very common trope in multi-user settings that you want to hand
> out some privilege to install packages.
Right, but this is
Hello,
On Fri 04 Jun 2021 at 06:39PM +02, Helmut Grohne wrote:
> Hi Sean,
>
> On Thu, Jun 03, 2021 at 04:47:44PM -0700, Sean Whitton wrote:
>> dgit wraps some of the existing tools. While dgit is mainly for humans,
>> one role it can have in automated toolchains is producing an ephemeral
>> sour
Hello Helmut,
On Sun 06 Jun 2021 at 09:58PM +02, Helmut Grohne wrote:
> There is another issue affecting me, that may derail from the original
> topic. When I work with packages I tend to fix bugs that are reported by
> some CI system on unstable. When I dgit clone, I may get the unstable
> versi
Package: wnpp
Severity: wishlist
Owner: Damyan Ivanov
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name: firebird4.0
Version : 4.0.0.2496
Upstream Author : Firebird developers (firebird-de...@lists.sourceforge.net)
* URL : https://www.firebirdsql.org/
* Licens
Hi,
On Thu, Aug 12, 2021 at 02:06:37PM +0200, Romain Porte wrote:
> > Looking at Arch, one workflow, one way to package, one init system, etc.
> > Looking at Fedora, one workflow, one way to package, one init system.
>
> I think this is a major point. I am a new Debian contributor after a
> good
Quoting Andreas Tille (2021-08-12 23:06:47)
> On Thu, Aug 12, 2021 at 02:06:37PM +0200, Romain Porte wrote:
> > Maintainers like their freedoms, but enforcing some tools at some
> > point could make it easier for everyone to contribute and not
> > relearn the packaging process for every package,
Hello Romain, others,
On Thu 12 Aug 2021 at 02:06PM +02, Romain Porte wrote:
> I think this is a major point. I am a new Debian contributor after a
> good time of ArchLinux PKGBUILD writing. I find Debian technically
> superior on the packaging side, and would not trade it for PKGBUILD. But
> the
On Tue, 2021-07-27 at 13:23:46 -0400, Calum McConnell wrote:
> > Of course, having to unnecessarily add more maintainer scripts to
> > handle something that dpkg can do perfectly fine on its own
>
> TL;DR: merged-usr-via-symlink-farms cannot be done without changing dpkg,
In my mind that's "false
On Tue, 2021-08-10 at 12:34:18 +, Bastien Roucariès wrote:
> I am going to compile shell.efi from source.
>
> I wish to install to something stable, but I need an arch triplet
> in order to put in a multiarch (like) location.
Multiarch-based pathnames should only be used by multiarch-conform
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 1225 (new: 0)
Total number of packages offered up for adoption: 204 (new: 0)
Total number of packages reques
Implementations with real /bin /sbin /lib* directories and symlink farms
are not useful because they would negate the major benefits of
merged-/usr, i.e. the ability of sharing and independently updating
/usr.
--
ciao,
Marco
30 matches