On Sun, 17 Jun 2018 at 23:23, Ian Malone wrote:
[..]
> Well, two things:
>
> 1. For example, a kiosk mode, where the home directory is wiped each
> login would be made less secure. The profile for the GUI is set at
> login, so writing .bash_profile has no effect on the GUI environment,
> but an at
Stephen Gallagher wrote:
> I'd like to suggest a more radical approach then: what if we only hold
> elections under two circumstances?
>
> 1) An existing member steps down and announces that a seat is opening.
>
> 2) A vote of no-confidence is raised for one or more individuals currently
> servin
On Sun, 17 Jun 2018 at 20:03, Matthew Miller wrote:
[..]
> > Prioritizing security issues is only possible in context of the RISK.
>
> That's only part of the equation. Practical security has to fairly
> assess and balance risk _against requirements_.
Please back to the equation and requirements.
On 16 June 2018 at 13:50, Björn Persson wrote:
> Tomasz Kłoczko wrote:
>> On Fri, 15 Jun 2018 at 23:21, Björn Persson wrote:
>> [..]
>> > Don't forget that if your proof of concept can be modified to either
>> > overwrite or append to ~/.bashrc, then it's irrelevant to this debate.
>>
>> before ~
On Sun, Jun 17, 2018 at 10:03:30AM +0100, Tomasz Kłoczko wrote:
> Przemek .. what you mean "this is NOT a serious security issue"?
> Is it possible to be not serious pregnant?
> Something IS security issue or NOT at all. Isn't it?
> There are ONLY TWO possible states in context of security, and the
On 16.6.2018 02:27, Scott Talbert wrote:
* Set %_python_bytecompile_extra to 0 to disable the automatic
compilation of the extra python files.
* Manually byte-compile those files which do actually need to be
compiled. This is done with the %py_byte_compile macro, which as a
bonus requires tha
Tomasz Kłoczko wrote:
> Just please add /usr/local/bin/id text file with content:
>
> #!/bin/sh
> echo "No one expects The Spanish Inquisition!"
> exec /usr/bin/id $*
I can't:
bash: /usr/local/bin/id: Permission denied
Björn Persson
pgpmM0qMeoYoJ.pgp
Description: OpenPGP digital signatur
On Sun, 17 Jun 2018 at 03:18, Przemek Klosowski
wrote:
[..]
> I have mixed feelings about that. On one hand, I agree that this is NOT
> a serious security issue (it's essentially a local compromise requiring
> an existing local compromise), so if someone claims it'll make their
> life easier, I w
