[Bug 133635] Re: LTSPFS security is broken

2008-12-15 Thread Scott Balneaves
Gareth: > You will forgive me if I'm a little confused. > I know xprop, and I know roughly what X cookies are .. this doesn't sound > like a "major" fix. Well, for LTSPFS, it wasn't that major. The problem, at the time, was that LDM, the display manager, had no method for us to call out any ext

Re: [Bug 133635] Re: LTSPFS security is broken

2008-12-15 Thread Jordan Erickson
Gareth Bult wrote: > Just as a general note, when you're running a LTS version of Ubuntu with > 50 users on one server running LTSP in a live environment, the very LAST > thing you want to do is to upgrade the OS to fix a bug. (not least given > Ubuntu's track record on upgrades as already mentione

Re: [Bug 133635] Re: LTSPFS security is broken

2008-12-15 Thread Jordan Erickson
Thanks Scott, I was hoping someone like you would chime in and put some sense to it all. What you said was what I was trying to communicate with 'corner-case' since it has long been said to many that "LTSP-5 is the current version that you should be using." (straight from #ltsp on irc.freenode.

[Bug 133635] Re: LTSPFS security is broken

2008-12-14 Thread Gareth Bult
Your post; >>27 Aug 2007 >>Fix is in my tree. >>An mcookie is generated for the terminal, and set as an xprop during login. >>Client must pass correct mcookie for connect to happen. ... You will forgive me if I'm a little confused. I know xprop, and I know roughly what X cookies are .. this do

[Bug 133635] Re: LTSPFS security is broken

2008-12-14 Thread Scott Balneaves
As the person who fixed the bug, and who is responsible for LTSPFS upstream, allow me to interject. LTSPFS, or, for that matter, LTSP in the large, never had much of a security model. X was always launched without auth, LTSPFS had no security, etc. This is true for every version of LTSP from 1 t

[Bug 133635] Re: LTSPFS security is broken

2008-12-14 Thread Gareth Bult
Jordan, >Not that I know, but I don't think you understand the general process of using >your (limited) resources as >effectively as possible under a priority-based system for such an enormous >project as Ubuntu. You would be correct, the way in which Ubuntu seem to do things is beyond me. >B

Re: [Bug 133635]

2008-12-14 Thread Johnathon
This is aimed as much at myself as anyone else. Please remember the code of conduct, don't let this get heated: http://www.ubuntu.com/community/conduct/ -- LTSPFS security is broken https://bugs.launchpad.net/bugs/133635 You received this bug notification because you are a member of

[Bug 133635]

2008-12-14 Thread Johnathon
Jordan Erickson wrote: > Johnathon wrote: >> ... >> >> And, again, this bug was ignored for 4 and a half months, till the >> vulnerable release went EOL. >> >> Again, "Really _awesome_ security policy guys!" >> Again, "I'd expect that tactic from MS Windows, not from Ubuntu." >> >> I know you guys

[Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread Jordan Erickson
Not that I know, but I don't think you understand the general process of using your (limited) resources as effectively as possible under a priority-based system for such an enormous project as Ubuntu. I'm just a normal sysadmin and business owner, read: IANAP. But I do understand that given the va

[Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread Gareth Bult
Isn't it amazing how some people will still continue to defend the indefensible, just because their ears hurt. If Ubuntu were billed as a charity, I might tend to agree that people working for free shouldn't need to take any sort of hit for shoddy workmanship. Or, if Ubuntu were billed as "unfit f

Re: [Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread Jordan Erickson
Johnathon wrote: > ... > > And, again, this bug was ignored for 4 and a half months, till the > vulnerable release went EOL. > > Again, "Really _awesome_ security policy guys!" > Again, "I'd expect that tactic from MS Windows, not from Ubuntu." > > I know you guys are manically busy working on new

[Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread Johnathon
... And, again, this bug was ignored for 4 and a half months, till the vulnerable release went EOL. Again, "Really _awesome_ security policy guys!" Again, "I'd expect that tactic from MS Windows, not from Ubuntu." I know you guys are manically busy working on new features, I know back-porting

[Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread Jordan Mantha
Marked Feisty task as Won't Fix as Feisty is EOL ** Changed in: ltsp (Ubuntu Feisty) Status: Triaged => Won't Fix

[Bug 133635] Re: LTSPFS security is broken

2008-12-13 Thread LumpyCustard
Could someone please set this at Won't Fix for feisty as it's no longer supported?

[Bug 133635] Re: LTSPFS security is broken

2008-07-24 Thread Oliver Grawert
dapper never had ltspfs support, seems feisty just slipped through, sorry for that, we will provide a fix for it asap (note that all newer releases have the fix included by default and that it really only affects users on the same server since ltspfs will only accept connections from the server ip

Re: [Bug 133635] Re: LTSPFS security is broken

2008-07-24 Thread Gareth Bult
There we go, I knew it wasn't just me getting pissed off with Ubuntu for no reason ... ;-) - Original Message - From: "Johnathon" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2008 8:45:06 PM GMT +00:00 GMT Britain, Ireland, Portugal Subject: [B

[Bug 133635] Re: LTSPFS security is broken

2008-07-24 Thread Johnathon
Really _awesome_ security policy guys! Ignore a hole, till the releases it's in are out of support. You know, I'd expect that tactic from MS Windows, not from Ubuntu.

[Bug 133635] Re: LTSPFS security is broken

2008-07-24 Thread Hew McLachlan
Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix. ** Changed in: ltsp (Ubuntu Edgy) Status: Triaged => Won't Fix

[Bug 133635] Re: LTSPFS security is broken

2007-11-05 Thread Johnathon
Hi, Is this going to be fixed in Feisty/Dapper, which are both still in security support? (Our servers are running a mixture of Dapper, Edgy, Feisty & Gutsy, depending at what time they were put in, and whether they need to upgrade for new packages like apache 2.2)

[Bug 133635] Re: LTSPFS security is broken

2007-09-10 Thread Kees Cook
This is vulnerable in feisty -- will you be able to backport a fix for 0.4.3-0ubuntu6 ? Thanks! ** Changed in: ltsp (Ubuntu Feisty) Importance: Undecided => Medium Assignee: (unassigned) => Scott Balneaves Status: New => Triaged ** Changed in: ltsp (Ubuntu Edgy) Importance: Und

[Bug 133635] Re: LTSPFS security is broken

2007-09-08 Thread Scott Balneaves
In ltspfs-0.5 ** Changed in: ltsp (Ubuntu) Status: Fix Committed => Fix Released

[Bug 133635]

2007-08-27 Thread Johnathon
Will this fix be ported to Feisty security-updates? It is quite a large security hole... Johnathon - "Scott Balneaves" <[EMAIL PROTECTED]> wrote: > Fix is in my tree. An mcookie is generated for the terminal, and set > as > an xprop during login. Client must pass correct mcookie for connect

[Bug 133635] Re: LTSPFS security is broken

2007-08-27 Thread Scott Balneaves
Fix is in my tree. An mcookie is generated for the terminal, and set as an xprop during login. Client must pass correct mcookie for connect to happen. Scott ** Changed in: ltsp (Ubuntu) Status: In Progress => Fix Committed

[Bug 133635] Re: LTSPFS security is broken

2007-08-27 Thread Kees Cook
Hi! How is this coming along?

[Bug 133635] Re: LTSPFS security is broken

2007-08-21 Thread Scott Balneaves
** Changed in: ltsp (Ubuntu) Status: Confirmed => In Progress

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Scott Balneaves
We've just discussed this in #ltsp. The old LTSP used the xauth key, but this broke because of ssh forwarding. We'll fix this, and get it going. I'll work on it tonight. Scott ** Changed in: ltsp (Ubuntu) Assignee: (unassigned) => Scott Balneaves Status: Invalid => Confirmed

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Johnathon
I can confirm this one here. Interestingly enough, ltspfsd depends on ltsp-client, which fails to install (leaving a broken dependency on the system), but ltspfsd works fine anyway.

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Gareth Bult
To reproduce on a random workstation (taken from my Bash session); sudo apt-get install ltspfsd modprobe fuse ltspfs 10.1.0.220:/var/run/drives /mnt/root df -> ltspfs 45244044452396 1% /mnt/root ls -la /mnt/root/usbdisk-sdc1 total 384 drwxr-xr-x 2 root root 204

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Gareth Bult
Ok, if I boot a thin client (without logging in or doing anything clever) on the server (or indeed any intelligent machine on the network) I can do the following; ltsp :/var/run/drives /mnt/localdev/mountpoint And I have full access to the client's device, USB key in this case ... ??

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Oliver Grawert
to do what? connecting to that port is pointless if you don't know the names and paths for the exported filesystems ltspfsd is offering ...

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Gareth Bult
As part of the boot process, the thin client runs; /usr/bin/ltspfsd -a At this point, it is listening on 0.0.0.0:9220. Anyone on the network or the server can then access this port via the thin client's native IP address. ??

[Bug 133635] Re: LTSPFS security is broken

2007-08-20 Thread Oliver Grawert
in ltsp5 ltspfs uses the ssh tunnel ldm establishes instead of the internal xauth mechanism, the -a option is for backwards compatibility with ltsp 4.x only ** Changed in: ltsp (Ubuntu) Status: New => Invalid

[Bug 133635] LTSPFS security is broken

2007-08-20 Thread Gareth Bult
Public bug reported: By default on Feisty the ltspfs daemon is started with a "-a", which turns off Magic Cookie authentication. In this mode, ltspfs works fine for me, I can see and mount USB and CDROMs no problem. Trouble is, so can anyone else on the server. If I remove the "-a", mounting