Re: Security Flaw:

2024-07-10 Thread David Christensen
On 7/9/24 23:34, Richard Bostrom wrote: I cannot update my passphrase in crypttab although the passphrase is updated in the OS I cannot enter my OS without using the latest passphrase. Yours sincerely Richardh Bostrom Passphrases in crypttab(5) are for disks, disk partitions, virtual device

Re: Security hole in kernel fixed?

2024-05-15 Thread Stanislav Vlasov
On Wed, 15 May 2024 at 16:55, Hans wrote: > Dear developers, Users. > in April 2024 the security hole CVE-2023-6546 was discovered in linux-image, > and I believe, it is fixed in kernel 6.1.0 (from debian/stable) as soon after > this a new kernel was released. https://security-tracker.debian.org/tra

Re: Security hole in kernel fixed?

2024-05-15 Thread The Wanderer
On 2024-05-15 at 03:05, Hans wrote: > Dear developers, As usual, most of us here are not Debian developers, even if some of us may be software developers. > in April 2024 the security hole CVE-2023-6546 was discovered in linux-image, > and I believe, it > is fixed in kernel 6.1.0 (from debian/

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

2023-11-28 Thread Phil Wyett
On Tue, 2023-11-28 at 08:56 +, Marold Marcus (DC-AE/ESW1) wrote: > Hello, > I would like to request an upgrade of the curl package (Linux Ubuntu Core 22 > / Jammy) to Nghttp2 > v1.57.0 because of CVE-2023-44487: HTTP/2 Rapid Reset. > https://nghttp2.org/blog/2023/10/10/nghttp2-v1-57-0/ > Thank

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

2023-11-28 Thread Brad Rogers
On Tue, 28 Nov 2023 08:56:28 + "Marold Marcus (DC-AE/ESW1)" wrote: Hello Marold, Firstly, we're (for the most part) users, not developers. >I would like to request an upgrade of the curl package (Linux Ubuntu >Core 22 / Secondly, we're _Debian_ users not Ubuntu. You'll have to take it up

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

2023-11-28 Thread Andy Smith
Hi, On Tue, Nov 28, 2023 at 08:56:28AM +, Marold Marcus (DC-AE/ESW1) wrote: > I would like to request an upgrade of the curl package (Linux > Ubuntu Core 22 / Jammy) to Nghttp2 v1.57.0 because of > CVE-2023-44487: > HTTP/2 Rapid Reset. Your m

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

2023-11-28 Thread Marco Moock
On 28.11.2023 at 08:56:28, Marold Marcus (DC-AE/ESW1) wrote: > I would like to request an upgrade of the curl package (Linux Ubuntu > Core 22 / Jammy) to Nghttp2 v1.57.0 because of > CVE-2023-44487: > HTTP/2 Rapid Reset. That is the debian u

Re: Security question about daemon-init

2023-08-29 Thread Darac Marjal
On 29/08/2023 18:35, Bhasker C V wrote: Apologies in advance for cross-group posting. I have enabled selinux  and after carefully allowing certain permissions, I have put my system in enforcing mode I do see a suspicious line like this [  115.089395] audit: type=1400 audit(1693329979.841:1

Re: [SECURITY] [DLA 3173-1] linux-5.10 security update

2022-11-02 Thread Felix Miata
Anssi Saari composed on 2022-11-02 09:40 (UTC+0200): > John Boxall wrote: >> Did I miss something in the last three years? When did buster go to a >> 5.10 kernel? My buster system is still on kernel 4.19. > Looks like a linux-5.10 source package was indeed added to Buster in > August and as you

Re: Security Updates

2022-03-09 Thread David Wright
On Wed 09 Mar 2022 at 21:46:45 (-0500), Greg Wooledge wrote: > On Wed, Mar 09, 2022 at 08:28:39PM -0500, Dan Ritter wrote: > > Dimitrios Papanikolaou wrote: > > > > > > I have Debian 10 (buster) installed in my Nodes. > > > I use the sec repo: > > > > > > deb http://security.debian.org/debian-se

Re: Security Updates

2022-03-09 Thread Greg Wooledge
On Wed, Mar 09, 2022 at 08:28:39PM -0500, Dan Ritter wrote: > Dimitrios Papanikolaou wrote: > > Hi, > > > > I have Debian 10 (buster) installed in my Nodes. > > I use the sec repo: > > > > deb http://security.debian.org/debian-securitybuster/updates main contrib > > non-free > > I hope there i

Re: Security Updates

2022-03-09 Thread Dan Ritter
Dimitrios Papanikolaou wrote: > Hi, > > I have Debian 10 (buster) installed in my Nodes. > I use the sec repo: > > deb http://security.debian.org/debian-securitybuster/updates main contrib > non-free I hope there is another / between security and buster. > This is what I have. But can you ex

Re: Security

2022-02-04 Thread Reco
Hi. On Fri, Feb 04, 2022 at 09:43:18AM +0100, Andrei POPESCU wrote: > On Du, 30 ian 22, 19:27:56, Reco wrote: > > > > > > > > How does "people installing without recommends" translate to "GNOME > > > users" is beyond me, > > > > Easy. Look closely at two graphical frontends to libvirt

Re: Security

2022-02-04 Thread tomas
On Fri, Feb 04, 2022 at 09:43:18AM +0100, Andrei POPESCU wrote: [...] > Those who want a graphical tool to manage their VMs? Installing some > -gnome packages still doesn't make me a GNOME user ;) > > (e.g. I'm using network-manager-gnome with LXDE) It creeps slowly on you ;-P (Just kidding.

Re: Security

2022-02-04 Thread Andrei POPESCU
On Du, 30 ian 22, 19:27:56, Reco wrote: > > > > > How does "people installing without recommends" translate to "GNOME > > users" is beyond me, > > Easy. Look closely at two graphical frontends to libvirt they provide in > main archive. > Now ask yourself - would I need these on a server? Who wo

Re: Security

2022-02-02 Thread Vincent Lefevre
On 2022-02-02 13:59:07 +1300, Richard Hector wrote: > On 2/02/22 00:26, Vincent Lefevre wrote: > > On 2022-01-31 01:36:06 +1300, Richard Hector wrote: > > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > > > libvirt-dae

Re: Security

2022-02-01 Thread Richard Hector
On 2/02/22 00:26, Vincent Lefevre wrote: On 2022-01-31 01:36:06 +1300, Richard Hector wrote: On 29/01/22 04:17, Vincent Lefevre wrote: > Servers shouldn't have pkexec installed in the first place, anyway. libvirt-daemon-system depends on policykit-1. Should that not be on my (kvm) server eithe

Re: Security

2022-02-01 Thread Vincent Lefevre
On 2022-01-31 01:36:06 +1300, Richard Hector wrote: > On 29/01/22 04:17, Vincent Lefevre wrote: > > Servers shouldn't have pkexec installed in the first place, anyway. > > libvirt-daemon-system depends on policykit-1. > > Should that not be on my (kvm) server either? I don't need libvirt-daemon-

Re: Security

2022-01-30 Thread Reco
Hi. On Sun, Jan 30, 2022 at 02:39:14PM +0100, Andrei POPESCU wrote: > On Du, 30 ian 22, 15:54:17, Reco wrote: > > On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > > > > Servers shouldn't have pkexec installed in the fi

Re: Security

2022-01-30 Thread Andrei POPESCU
On Du, 30 ian 22, 15:54:17, Reco wrote: > Hi. > > On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > > > > libvirt-daemon-system depends on poli

Re: Security

2022-01-30 Thread Reco
Hi. On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > On 29/01/22 04:17, Vincent Lefevre wrote: > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > libvirt-daemon-system depends on policykit-1. > > Should that not be on my (kvm) server eith

Re: Security

2022-01-30 Thread Richard Hector
On 29/01/22 04:17, Vincent Lefevre wrote: Servers shouldn't have pkexec installed in the first place, anyway. libvirt-daemon-system depends on policykit-1. Should that not be on my (kvm) server either? Cheers, Richard

Re: Security

2022-01-28 Thread Dan Ritter
Nicholas Geovanis wrote: > On Fri, Jan 28, 2022, 6:57 AM Dan Ritter wrote: > > > Nicholas Geovanis wrote: > > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > > wrote: > > > > > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > > > And please don't bother to reply with "there are no o

Re: Security

2022-01-28 Thread Nicholas Geovanis
On Fri, Jan 28, 2022, 9:17 AM Vincent Lefevre wrote: > On 2022-01-27 21:44:07 -0600, Nicholas Geovanis wrote: > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > wrote: > > > > > I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this > > > article for details: > > > > > > > >

Re: Security

2022-01-28 Thread Andrei POPESCU
On Jo, 27 ian 22, 21:44:07, Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > > > And please don't bother to reply with "there are no other users on this > > system I should worry about", the bad guys could still find ways to get > > in, e.g. via a compromised browser, r

Re: Security

2022-01-28 Thread Nicholas Geovanis
On Fri, Jan 28, 2022, 6:57 AM Dan Ritter wrote: > Nicholas Geovanis wrote: > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > wrote: > > > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > > And please don't bother to reply with "there are no other users on this > > > system I should w

Re: Security

2022-01-28 Thread Vincent Lefevre
On 2022-01-27 21:44:07 -0600, Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > wrote: > > > I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this > > article for details: > > > > > > https://arstechnica.com/information-technology/2022/01/a-bug-lurking-f

Re: Security

2022-01-28 Thread Dan Ritter
Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > wrote: > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > And please don't bother to reply with "there are no other users on this > > system I should worry about", the bad guys could still find ways to get > > in,

Re: Security

2022-01-27 Thread Nicholas Geovanis
On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU wrote: > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > I am subscribed to that list and get them too. > > > > I just see that three more messages popped in since this morning from > > the security list. > > > > The complaints seem to be only ab

Re: Security

2022-01-26 Thread Andrei POPESCU
On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > I am subscribed to that list and get them too. > > I just see that three more messages popped in since this morning from > the security list. > > The complaints seem to be only about browsers. The inference seems to > be that the latest release

Re: Security

2022-01-26 Thread Nicholas Geovanis
The proper way IMO is to subscribe to the CERT for your nation. Be the interface to it for your organization within your local responsibilities. You will then receive the high-risk advisories before they are publicly released. That paid off, for example, during the ghost/meltdown Intel vulnerabil

Re: Security

2022-01-25 Thread Nate Bargmann
I am subscribed to that list and get them too. I just see that three more messages popped in since this morning from the security list. The complaints seem to be only about browsers. The inference seems to be that the latest release always fixes security bugs. While this is true to an extent, w

Re: Security

2022-01-25 Thread Polyna-Maude Racicot-Summerside
On 2022-01-25 15:47, Andy Smith wrote: > Hello, > > On Tue, Jan 25, 2022 at 03:05:51PM -0500, Polyna-Maude Racicot-Summerside > wrote: >> Kind of strange that some people complain we lag behind when I get >> information every day that fixes are available for packages in the stable >> / old stab

Re: Security

2022-01-25 Thread Andy Smith
Hello, On Tue, Jan 25, 2022 at 03:05:51PM -0500, Polyna-Maude Racicot-Summerside wrote: > Kind of strange that some people complain we lag behind when I get > information every day that fixes are available for packages in the stable > / old stable release. I think you are getting worked up over t

Re: security of debian default sudoers file (was: dead lock)

2021-10-17 Thread Keith Bainbridge
On 17/10/21 20:41, Gregor Zattler wrote: PS: in my opinion you should avoid creating a sudoers file unless you really know what you are doing. the defaults are very insecure. So force sudo to use the root passwd. After you ensure your root passwd works, simply add the line: Defaults

RE: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-09 Thread Michael Grant
I have used openwrt, but not recent version of it. I have been using Ubiquiti EdgeRouters running the stock EdgeOS. Very solid routers. I even have one sitting up in a tree in a Tupperware container in the snowy mountains! I recently discovered that EdgeOS is based on Debian and you can insta

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Celejar
On Mon, 8 Feb 2021 16:42:40 -0500 Dan Ritter wrote: > Celejar wrote: > > > If you are OK buying used equipment, Intel-based gigabit NICs, 4 ports > > > to a PCIe slot, cost about $35 (or $70 new). If you've got a 5 year old > > > > My understanding - please correct me if I'm wrong - is that wit

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Dan Ritter
Celejar wrote: > > If you are OK buying used equipment, Intel-based gigabit NICs, 4 ports > > to a PCIe slot, cost about $35 (or $70 new). If you've got a 5 year old > > My understanding - please correct me if I'm wrong - is that with those > types of cards, the ports are distinct and aren't actu

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Celejar
On Mon, 8 Feb 2021 11:03:35 -0500 Dan Ritter wrote: > Celejar wrote: > > > I can be glad that OpenWRT has improved their security practices > > > and simultaneously not be interested in using it. > > > > I think we are really in basic agreement. The reason I use OpenWRT is > > that I use a resi

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Stefan Monnier
> I think we are really in basic agreement. The reason I use OpenWRT is > that I use a residential all-in-one WAP / switch / router, which Debian > is unsuitable for. If I ever go the separate WAP / switch / router > route, I'll probably use Debian on the router for the reasons you > give: good sup

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Dan Ritter
Celejar wrote: > > I can be glad that OpenWRT has improved their security practices > > and simultaneously not be interested in using it. > > I think we are really in basic agreement. The reason I use OpenWRT is > that I use a residential all-in-one WAP / switch / router, which Debian > is unsuit

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Celejar
On Mon, 8 Feb 2021 09:57:13 -0500 Dan Ritter wrote: > Celejar wrote: > > On Mon, 8 Feb 2021 08:36:34 -0500 > > Dan Ritter wrote: > > > > > OpenWRT's security process doesn't look as terrible as it used > > > to be, but it doesn't really look good right now, just trying to > > > be better. > >

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Dan Ritter
Celejar wrote: > On Mon, 8 Feb 2021 08:36:34 -0500 > Dan Ritter wrote: > > > OpenWRT's security process doesn't look as terrible as it used > > to be, but it doesn't really look good right now, just trying to > > be better. > > Again, let's look at specific examples of vulnerabilities present i

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Celejar
On Mon, 8 Feb 2021 08:36:34 -0500 Dan Ritter wrote: > Celejar wrote: > > On Mon, 8 Feb 2021 06:41:23 -0500 > > Dan Ritter wrote: > > > > > Gregory Seidman wrote: > > > > If you want a Linux router/AP, I recommend OpenWRT over Debian. It runs > > > > on > > > > ... > > > > > Debian gets sec

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-08 Thread Dan Ritter
Celejar wrote: > On Mon, 8 Feb 2021 06:41:23 -0500 > Dan Ritter wrote: > > > Gregory Seidman wrote: > > > If you want a Linux router/AP, I recommend OpenWRT over Debian. It runs on > > ... > > > Debian gets security updates in a timely manner (for stable). > > > > How's OpenWRT's security te

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Eduardo M KALINOWSKI
On 15/09/2020 10:44, Greg Wooledge wrote: > Another choice would be to run Debian stable, but don't install Debian's > version of nginx. Use upstream's releases, compile them yourself, and > update them yourself whenever you need to (for security reasons or > otherwise). If one chooses to do so,

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Eduardo M KALINOWSKI
On 15/09/2020 10:38, Klaus Singvogel wrote: > No: no new version. > > If you're unhappy with that, think about these choices: > > - install upcoming Debian 11 (Testing, Bullseye) and live with the changes > of packages and possible errors in the system. Release date unknown. > > - install Debi

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Greg Wooledge
On Tue, Sep 15, 2020 at 03:38:33PM +0200, Klaus Singvogel wrote: > No: no new version. > > If you're unhappy with that, think about these choices: > > - install upcoming Debian 11 (Testing, Bullseye) and live with the changes > of packages and possible errors in the system. Release date unknown

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Klaus Singvogel
Hi Revanth, Suryadevara, Revanth wrote: > Hi Klaus, > > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the lat

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Dan Ritter
Suryadevara, Revanth wrote: > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the latest version of NGINX(i.e. v1

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread tomas
On Tue, Sep 15, 2020 at 12:23:11PM +, Suryadevara, Revanth wrote: > Hi Klaus, > > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Greg Wooledge
On Tue, Sep 15, 2020 at 12:23:11PM +, Suryadevara, Revanth wrote: > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the latest version of NGINX(i.e. v1.18.x) to be

RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Suryadevara, Revanth
available in Debian 10? Thanks, Revanth. -Original Message- From: Klaus Singvogel Sent: 15 September 2020 15:10 To: Suryadevara, Revanth Cc: debian-user@lists.debian.org Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution Hi Revanth, as you might have

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Greg Wooledge
On Tue, Sep 15, 2020 at 09:13:04AM +, Suryadevara, Revanth wrote: > 1.) Pertaining to Nginx there is no CVE-ID, main concern is, > According to nginx download page, (http://nginx.org/en/download.html) Nginx > 1.14.x is no longer supported and will not be getting regular patches. So, if > any

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Klaus Singvogel
-Original Message- > From: Klaus Singvogel > Sent: 15 September 2020 13:32 > To: Suryadevara, Revanth > Cc: debian-user@lists.debian.org > Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution > > Suryadevara, Revanth wrote: > > > >

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Reco
Hi. Please do not top post. On Tue, Sep 15, 2020 at 09:13:04AM +, Suryadevara, Revanth wrote: > Hi Klaus, > > 1.) Pertaining to Nginx there is no CVE-ID, main concern is, > According to nginx download page, (http://nginx.org/en/download.html) > Nginx 1.14.x is no longer suppor

RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Suryadevara, Revanth
a, Revanth Cc: debian-user@lists.debian.org Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution Suryadevara, Revanth wrote: > > We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution > v3.30.5-1.1 installed along with other packages. >

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

2020-09-15 Thread Klaus Singvogel
Suryadevara, Revanth wrote: > > We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution > v3.30.5-1.1 installed along with other packages. > [...] > When can we expect latest versions of Nginx and GNOME Evolution to be > available in Debian 10 ? Which security bugs do you thi

Re: Security issue ... please could someone help !!!

2020-04-05 Thread Reco
Hi. On Sun, Apr 05, 2020 at 09:03:00PM +0100, Bhasker C V wrote: > I kept digging down and saw that anything below 32 bytes is not accepted > (by cryptsetup --key-file option) but anything above 32 bytes is > discarded. cryptsetup(8), "-s" option. > Does this mean that cryptsetup plain

Re: Security Issue with sssd / AD authentication?

2019-11-08 Thread Dan Purgert
Kent West wrote: > Probably not the best place to put this information, but I figure here > is better than nowhere... > > I'm tinkering with authenticating a Debian (10.1) box via Active > Directory, so that an AD user can log into the Debian box.

Re: Security Issue with sssd / AD authentication?

2019-11-08 Thread Kent West
On 11/8/19 11:53 AM, Roberto C. Sánchez wrote: On Fri, Nov 08, 2019 at 11:36:34AM -0600, Kent West wrote: Probably not the best place to put this information, but I figure here is better than nowhere... I'm tinkering with authenticating a Debian (10.1) box via Active Directory, so that an AD

Re: Security Issue with sssd / AD authentication?

2019-11-08 Thread Roberto C . Sánchez
On Fri, Nov 08, 2019 at 11:36:34AM -0600, Kent West wrote: > Probably not the best place to put this information, but I figure here is > better than nowhere... > > I'm tinkering with authenticating a Debian (10.1) box via Active Directory, > so that an AD user can log into the Debian box. > > Th

Re: Security Updates

2018-12-31 Thread Nazar Zhuk
On Sun, Dec 30, 2018 at 08:00:51PM +0100, Marek Gráfel wrote: > I also tried the command via the apt-get update terminal, telling me that > the operation is declined. Make sure you run apt-get as root or with sudo: sudo apt-get update Then: sudo apt-get upgrade -- Nazar

Re: Security Updates

2018-12-30 Thread David Christensen
On 12/30/18 11:00 AM, Marek Gráfel wrote: I do not know English well, but I hope that the translation through Google Is there a Debian mailing list in your native language? https://lists.debian.org/completeindex.html David

Re: Security Updates

2018-12-30 Thread songbird
Marek Gráfel wrote: ... > I do not know English well, but I hope that the translation through Google > will be enough to lead me to write a procedure how to install security > updates, and please explain why your Debian freezes despite Linux Mintu? I > think Debian is higher than Linux Mint. Thank

Re: Security updates for Chromium on Debian Jessie

2017-10-03 Thread Daniel Bareiro
Hi, Alex. On 29/09/17 07:19, Alex ARNAUD wrote: In the last DSA for the chromium-browser package (DSA-3985-1) I noticed that the updates were released for stable, testing and unstable but not for oldstable. I think the same thing happened with the previous update. Ma

Re: Security updates for Chromium on Debian Jessie

2017-09-29 Thread Alex ARNAUD
On 28/09/2017 at 19:39, Daniel Bareiro wrote: Hi, Sven. On 28/09/17 14:13, Sven Joachim wrote: In the last DSA for the chromium-browser package (DSA-3985-1) I noticed that the updates were released for stable, testing and unstable but not for oldstable. I think the same thing happened with t

Re: Security updates for Chromium on Debian Jessie

2017-09-28 Thread Daniel Bareiro
Hi, Sven. On 28/09/17 14:13, Sven Joachim wrote: >> In the last DSA for the chromium-browser package (DSA-3985-1) I noticed >> that the updates were released for stable, testing and unstable but not >> for oldstable. I think the same thing happened with the previous update. >> >> Maybe I'm missin

Re: Security updates for Chromium on Debian Jessie

2017-09-28 Thread Sven Joachim
On 2017-09-28 11:08 -0300, Daniel Bareiro wrote: > In the last DSA for the chromium-browser package (DSA-3985-1) I noticed > that the updates were released for stable, testing and unstable but not > for oldstable. I think the same thing happened with the previous update. > > Maybe I'm missing some

Re: security issues

2017-08-27 Thread Gene Heskett
On Sunday 27 August 2017 12:22:30 Mike McClain wrote: > On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote: > > I have had the ultimate revenge on those who were enemies at one > > time, I've outlived the turkeys without doing anything to hasten > > their demise. ;-) > > I thought that w

Re: security issues

2017-08-27 Thread Mike McClain
On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote: > > I have had the ultimate revenge on those who were enemies at one time, > I've outlived the turkeys without doing anything to hasten their > demise. ;-) > I thought that was worthy of being a tagline. Hope you don't mind. Mike -- You

Re: security issues

2017-08-26 Thread Gene Heskett
On Saturday 26 August 2017 15:43:40 Brian wrote: > [Lots of snipping] > > On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote: > > On Saturday 26 August 2017 14:51:41 Brian wrote: > > > That's what you think! But while you are slumbering, she is > > > emailing friends and talking with Donald

Re: security issues

2017-08-26 Thread Brian
[Lots of snipping] On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote: > On Saturday 26 August 2017 14:51:41 Brian wrote: > > > That's what you think! But while you are slumbering, she is emailing > > friends and talking with Donald on Twitter. Never underestimate a > > woman's ability to

Re: security issues

2017-08-26 Thread Gene Heskett
On Saturday 26 August 2017 15:25:53 Gene Heskett wrote: > > > install any of the firewall type stuff, dd-wrt in the router is > > > the best guard dog. I've been running some form of it for 15 or > > > more years, and have not been breached. > > > > Isn't dd-wrt only suitable for particular router

Re: security issues

2017-08-26 Thread Gene Heskett
On Saturday 26 August 2017 14:51:41 Brian wrote: > On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote: > > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > > > On 26-08-17, R Calleja wrote: > > > > Good morning, I have been a Debian 8.9 user for 2 years. > > > > Tengo problemas de s

Re: security issues

2017-08-26 Thread Brian
On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote: > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > > > On 26-08-17, R Calleja wrote: > > > Good morning, I have been a Debian 8.9 user for 2 years. > > > Tengo problemas de seguridad que me obligan a reinstalar el sistema > > > a

Re: security issues

2017-08-26 Thread Gene Heskett
On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > On 26-08-17, R Calleja wrote: > > Good morning, I have been a Debian 8.9 user for 2 years. > > I have security problems that force me to reinstall the system > > often, once a year. > > He leido documentos y ayuda para mejorar la

Re: security issues

2017-08-26 Thread Nicolas George
On Nonidi 9 Fructidor, year CCXXV, Dejan Jocic wrote: > 10. I'm sure that there is more 0. Think about against what risks you want to protect yourself. Security is always a compromise with convenience. The only absolute security is when you do nothing with no computer at all, but that is not wha

Re: security issues

2017-08-26 Thread Dejan Jocic
On 26-08-17, R Calleja wrote: > Good morning, I have been a Debian 8.9 user for 2 years. > I have security problems that force me to reinstall the system > often, once a year. > I have read documents and help on improving security. > Pero no soy un usuario con conocimientos avanzados d

Re: Security hole in LXDE?

2017-03-24 Thread cbannister
On Mon, Feb 27, 2017 at 09:00:15PM +1100, Davor Balder wrote: > Hi Hans, > > Question 1 which one: stable, testing or unstable? IMHO if it's not stated then stable is to be assumed. Users who run testing/sid are generally expected to have some degree of troubleshooting knowledge (the clue is in

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-07 Thread Brian
On Tue 07 Mar 2017 at 09:05:03 +0100, to...@tuxteam.de wrote: > On Mon, Mar 06, 2017 at 08:53:39PM +, Brian wrote: > > [...] > > > I'll reconstruct my previous response. If there is no root password, > > (a bad idea, see my other post) > > > sudo is installed and the "first user" is put in

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-07 Thread tomas
On Mon, Mar 06, 2017 at 08:53:39PM +, Brian wrote: [...] > I'll reconstruct my previous response. If there is no root password, (a bad idea, see my other post) > sudo is installed and the "first user" is put into the sudo group. I've no proof

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-07 Thread tomas
On Mon, Mar 06, 2017 at 08:58:25PM +, Joe wrote: [...] > A member of the sudo group has permanent root privileges. He might as > well simply login as root every day, and not bother with another user. Sorry, I've to disagree. It's a question of e

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Joe
On Mon, 6 Mar 2017 20:47:50 + (UTC) Curt wrote: > On 2017-03-06, Joe wrote: > > > > Who said anything about lpadmin? The question is about the wisdom of > > automatically including someone in the sudo group, which in a > > default Debian sudoers file, gives full root privileges to > > everyt

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Brian
On Mon 06 Mar 2017 at 19:57:25 +, Joe wrote: > On Mon, 6 Mar 2017 19:36:40 + > Brian wrote: > > > On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > > > > > On Mon, 6 Mar 2017 13:40:45 -0500 > > > Greg Wooledge wrote: > > > > > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Curt
On 2017-03-06, Joe wrote: > > Who said anything about lpadmin? The question is about the wisdom of > automatically including someone in the sudo group, which in a default > Debian sudoers file, gives full root privileges to everything, using the > user's password. > > We have someone saying this h

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Joe
On Mon, 6 Mar 2017 19:36:40 + Brian wrote: > On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > > > On Mon, 6 Mar 2017 13:40:45 -0500 > > Greg Wooledge wrote: > > > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > > > Debian appears to use the group 'sudo' as an administrat

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread GiaThnYgeia
Greg Wooledge: > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: >> Debian appears to use the group 'sudo' as an administrative group, >> where some other distributions use 'wheel'. >> >> I would not have thought that users would be added to it by default, >> there are no members on my sid/xfc

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Brian
On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > On Mon, 6 Mar 2017 13:40:45 -0500 > Greg Wooledge wrote: > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > > Debian appears to use the group 'sudo' as an administrative group, > > > where some other distributions use 'wheel'. > > >

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Joe
On Mon, 6 Mar 2017 13:40:45 -0500 Greg Wooledge wrote: > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > Debian appears to use the group 'sudo' as an administrative group, > > where some other distributions use 'wheel'. > > > > I would not have thought that users would be added to it by

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Greg Wooledge
On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > Debian appears to use the group 'sudo' as an administrative group, > where some other distributions use 'wheel'. > > I would not have thought that users would be added to it by default, > there are no members on my sid/xfce4 workstation. Indee

Re: [SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Joe
On Mon, 06 Mar 2017 18:28:25 +0100 Hans wrote: > Closing my first report. When I deleted the user from the group > "sudo", everything worked back as normal. > > Debian appears to use the group 'sudo' as an administrative group, where some other distributions use 'wheel'. I would not have thou

[SOLVED] Re: Security hole in LXDE?

2017-03-06 Thread Hans
Closing my first report. When I deleted the user from the group "sudo", everything worked back as normal. However, IMO the user must additionally be in /etc/sudoers to get the described behaviour working. What is sure: Either KDE or LXDE gave me the opportunity (by using the root password), to

Re: Security hole in LXDE?

2017-03-02 Thread tomas
On Thu, Mar 02, 2017 at 08:01:38AM -0600, David Wright wrote: [...] > If you're trying to clarify things, you have to tighten that up > considerably. Any regular user can start synaptics without a password, > as I already posted in this thread. Yes.

Re: Security hole in LXDE?

2017-03-02 Thread tomas
On Thu, Mar 02, 2017 at 02:32:19PM +0100, Hans wrote: [snip snip] OK, given your answers, the recommended path would be to remove your user (hans) from group sudo, perhaps so: deluser hans sudo (you've to be root for that, perhaps with -ahem- sud

Re: Security hole in LXDE?

2017-03-02 Thread David Wright
On Thu 02 Mar 2017 at 14:12:59 (+0100), to...@tuxteam.de wrote: > On Thu, Mar 02, 2017 at 01:19:00PM +0100, Hans wrote: > > Hi Tomas > > > Hm. I'm not sure I've got that one right. Who has allowed the standard > > > user to execute applications with root rights? How? > > It was me, being haven ask

Re: Security hole in LXDE?

2017-03-02 Thread Hans
> OK, to recap: you started synaptics (as regular user), and for the first > time you were asked a password. You gave the root (not the user's) > password, and from then on you could start synaptics as a regular user > without having to enter a password. Is that right? > Correct. However, this is

Re: Security hole in LXDE?

2017-03-02 Thread tomas
On Thu, Mar 02, 2017 at 01:19:00PM +0100, Hans wrote: > Hi Tomas > > Hm. I'm not sure I've got that one right. Who has allowed the standard > > user to execute applications with root rights? How? > It was me, being haven asked by of the root password

Re: Security hole in LXDE?

2017-03-02 Thread Hans
Hi Tomas > Hm. I'm not sure I've got that one right. Who has allowed the standard > user to execute applications with root rights? How? It was me, being haven asked by of the root password and (of course) gave the correct one, I allowed the user, to start applications with root rights (besides,

Re: Security hole in LXDE?

2017-03-02 Thread tomas
On Thu, Mar 02, 2017 at 11:40:10AM +0100, Hans wrote: > Checked my system again. > It looks like I have allowed the standard user to execute applications like > synaptic with root rights. I know, this is going to be asked in KDE, when you > start a h
