On Tue, 20 Jun 2017 23:44:24 -0400
Tony Nelson wrote:
> It's not allocated memory. It's a Page Table Entry in the Kernel that
> ensures that no actual memory is mapped there and that the region is
> thus unreadable and unwritable. This is not unlike a swapped-out
> page, except the Kernel Page
On 17-06-20 13:09:50, stan wrote:
On Tue, 20 Jun 2017 12:20:57 -0400
Tom Horsley wrote:
> That seems like it might be impossible without architecture changes
> in the chips to allow bounds checking the stack pointer in hardware
> (which certainly wouldn't fix any existing systems :-).
I think
On 06/21/17 02:36, Frédéric Bron wrote:
> Thanks a lot, I was becoming totally crazy!!
You're welcome.
I would have taken the route suggested by Paul to resolve the problem as it
takes
care of all the files and directory at once.
--
Fedora Users List - The place to go to speculate endlessly
On Tue, 20 Jun 2017 20:36:22 +0200
Frédéric Bron wrote:
> >> -rw---. 1 egreshko egreshko
> >> unconfined_u:object_r:ssh_home_t:s0 398 Jun 21 01:35
> >> authorized_keys
> >
> > Interesting, I have home_root instead of ssh_home. What does that
> > mean? Does it mean that I created the .ssh d
On Tue, 20 Jun 2017 15:13:00 -0400
William Oliver wrote:
> > Summary - probably a text file viewable in any text editor, even
> > less.
> >
> > [snip]
>
> Nope. Yeah, I saw that site. It's not readable in vim, kate, more,
> less, etc. Kate complains of unrecogizable encoding. Gedit
> comp
On Tue, Jun 20, 2017 at 08:36:22PM +0200, Frédéric Bron wrote:
> >> -rw---. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 398
> >> Jun 21 01:35
> >> authorized_keys
> >
> > Interesting, I have home_root instead of ssh_home. What does that
> > mean? Does it mean that I created the .s
On Tue, Jun 20, 2017 at 12:22:05PM -0700, Joe Zeff wrote:
> >windows viewer. Windows virtual machines are handy for this
> >sort of nonsense (I've never gotten wine to successfully
> >run any windows program :-).
> That may be because wine is mostly intended to run games.
That's certainly not true
On Tue, 20 Jun 2017 15:13:00 -0400
William Oliver wrote:
> Nope. Yeah, I saw that site. It's not readable in vim, kate, more,
> less, etc. Kate complains of unrecogizable encoding. Gedit complains
> of invalid characters. I was kind of hoping to be able to look at in
> Linux, and not move to
On 06/20/2017 12:11 PM, Tom Horsley wrote:
Or if it is some proprietary legal doc format, you might need
to install a windows virtual machine so you can run their free
windows viewer. Windows virtual machines are handy for this
sort of nonsense (I've never gotten wine to successfully
run any wind
On Tue, 2017-06-20 at 11:10 -0700, stan wrote:
> On Tue, 20 Jun 2017 13:44:20 -0400
> William Oliver wrote:
>
> > Sorry to bother the fedora list, but I'm not sure where to ask. I
> > have a trial transcript in .ptx format I need to look at. Does
> > anybody know of any tool in Fedora/Linux tha
On Tue, 20 Jun 2017 11:10:59 -0700
stan wrote:
> When in the PTX format, E-Transcript files can be opened with
> E-Transcript Manager or for free, though in read-only mode, with
> E-Transcript Viewer. Since they're probably text-only files, you might
> also find a text editor like Notepad++ useful
>> -rw---. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 398 Jun
>> 21 01:35
>> authorized_keys
>
> Interesting, I have home_root instead of ssh_home. What does that
> mean? Does it mean that I created the .ssh directory as root, then
> chown it which is possible?
> I am totally una
> I still can't reproduce doing it this way on a new VM. How about checking
> the
> selinux contexts?
>
> [egreshko@f26-b14 .ssh]$ ll -Z *
> -rw---. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 398 Jun
> 21 01:35
> authorized_keys
> -rw---. 1 egreshko egreshko unconfined_u:o
On Tue, 20 Jun 2017 13:44:20 -0400
William Oliver wrote:
> Sorry to bother the fedora list, but I'm not sure where to ask. I
> have a trial transcript in .ptx format I need to look at. Does
> anybody know of any tool in Fedora/Linux that can read these?
I think you need to sharpen your search-
Sorry to bother the fedora list, but I'm not sure where to ask. I have
a trial transcript in .ptx format I need to look at. Does anybody know
of any tool in Fedora/Linux that can read these?
Thanks,
billo
___
users mailing list -- users@lists.fedorap
On 06/20/17 23:51, Frédéric Bron wrote:
>> OK. The only other way I could reproduce the error is if the key that
>> was
>> copied into authorized_keys isn't the correct key for the sending system or
>> if I
>> managed to copy into authorized_keys in such a way that it was mangled. For
>>
On Tue, 20 Jun 2017 17:08:09 +0100
Patrick O'Callaghan wrote:
> Full details are in the report already cited, but briefly the fix
> causes each page of the new stack frame to be probed to make sure it
> doesn't overlap with the guard page (a write-protected page created to
> prevent stack and hea
On Tue, 20 Jun 2017 12:20:57 -0400
Tom Horsley wrote:
> That seems like it might be impossible without architecture changes
> in the chips to allow bounds checking the stack pointer in hardware
> (which certainly wouldn't fix any existing systems :-).
I think the kernel fix was the first solutio
> Are the systems that work older systems? They recently
> changed sshd to disable a lot of older encryption
> and hash algorithms and wot-not. Perhaps it doesn't
> like your old keys?
no because I regenerated the key and got the same result.
I wonder if the users need to be part of a group to be
On Tue, 2017-06-20 at 12:20 -0400, Tom Horsley wrote:
> On Tue, 20 Jun 2017 08:42:39 -0700
> stan wrote:
>
> > My
> > assumption was that this was adding the strong stack protection to the
> > kernel side of things.
>
> That seems like it might be impossible without architecture changes
> in the
On Tue, 20 Jun 2017 16:24:59 +0200
Frédéric Bron wrote:
> Same error from another computer targeting this one.
Are the systems that work older systems? They recently
changed sshd to disable a lot of older encryption
and hash algorithms and wot-not. Perhaps it doesn't
like your old keys?
_
On Tue, 20 Jun 2017 08:42:39 -0700
stan wrote:
> My
> assumption was that this was adding the strong stack protection to the
> kernel side of things.
That seems like it might be impossible without architecture changes
in the chips to allow bounds checking the stack pointer in hardware
(which cert
> How many key pairs do you have in .ssh? Is this the only one?
only one.
Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
On Jun 20, 2017 17:52, "Frédéric Bron" wrote:
> OK. The only other way I could reproduce the error is if the key
that was
> copied into authorized_keys isn't the correct key for the sending system
or if I
> managed to copy into authorized_keys in such a way that it was mangled.
For example,
On Tue, 2017-06-20 at 08:42 -0700, stan wrote:
> On Tue, 20 Jun 2017 13:11:24 +0100
> Patrick O'Callaghan wrote:
>
> > On Mon, 2017-06-19 at 23:08 -0700, stan wrote:
> > > I'm running
> > > the kernel with the fix, and it is working fine so far.
> >
> > As I understand it (and as the bug rep
> OK. The only other way I could reproduce the error is if the key that
> was
> copied into authorized_keys isn't the correct key for the sending system or
> if I
> managed to copy into authorized_keys in such a way that it was mangled. For
> example,
> each key needs to be on a single li
thanks for looking at it.
> OK. The only other way I could reproduce the error is if the key that
> was
> copied into authorized_keys isn't the correct key for the sending system or
> if I
> managed to copy into authorized_keys in such a way that it was mangled. For
> example,
> each key
On Tue, 20 Jun 2017 13:11:24 +0100
Patrick O'Callaghan wrote:
> On Mon, 2017-06-19 at 23:08 -0700, stan wrote:
> > I'm running
> > the kernel with the fix, and it is working fine so far.
>
> As I understand it (and as the bug report appears to confirm) the fix
> is to ld.so, not the kernel,
On Tue, 2017-06-20 at 08:56 -0400, Tom Horsley wrote:
> On Tue, 20 Jun 2017 08:32:23 -0400
> Tom Horsley wrote:
>
> > That doesn't make any sense. If the exploit happens in ld.so, fixing it
> > doesn't do anything. All you need to do is point an executable at an
> > old copy of ld.so and you have
On 06/20/17 22:55, Ed Greshko wrote:
> Going to try a few more things before I retire.
OK. The only other way I could reproduce the error is if the key that was
copied into authorized_keys isn't the correct key for the sending system or if I
managed to copy into authorized_keys in such a wa
On 06/20/17 22:48, Frédéric Bron wrote:
>> If you have in your sshd_config
>> PasswordAuthentication no
> yes, I have that
>
>> and your ~/.ssh/authorized_keys file set to allow group or other access in
>> any way
>> you will get that error.
>> Set to 600 which is -rw---. and it should be fi
> If you have in your sshd_config
> PasswordAuthentication no
yes, I have that
> and your ~/.ssh/authorized_keys file set to allow group or other access in
> any way
> you will get that error.
> Set to 600 which is -rw---. and it should be fine.
authorized_keys, id_rsa and id_rsa.pub are
It is harder, without source sample data to also work with, but, I believe the
following would work:ssh $id@$ip "cat /dog/aaa.dat | awk \'\!a[\$0]++\' >
/dog/aaa.dat_tmp"
Backslashes before both of the single quotes, before the exclamation mark
(processed by the bash shell affecting history), an
On 06/20/17 22:24, Frédéric Bron wrote:
> I have installed the sshd service but cannot do
> ssh localhost
> because I get the following error:
> Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
>
> Same error from another computer targeting this one.
If you have in your sshd_config
Pa
> Curious as to how to get the following to work remotely over SSH. The
> cmd is used to remove redundant lines, while maintaining order in the
> output file.
>
> The following works if I insert it in the remote term.
>cat /dog/aaa.dat | awk '!a[$0]++' > /dog/aaa.dat_tmp
What about copying tha
I have installed the sshd service but cannot do
ssh localhost
because I get the following error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Same error from another computer targeting this one.
The strange thing is that I have exactly the same sshd_config file and
.ssh directory (
Hey...
Curious as to how to get the following to work remotely over SSH. The
cmd is used to remove redundant lines, while maintaining order in the
output file.
The following works if I insert it in the remote term.
cat /dog/aaa.dat | awk '!a[$0]++' > /dog/aaa.dat_tmp
However I'm unable to ge
On Tue, 20 Jun 2017 08:32:23 -0400
Tom Horsley wrote:
> That doesn't make any sense. If the exploit happens in ld.so, fixing it
> doesn't do anything. All you need to do is point an executable at an
> old copy of ld.so and you have access to the same exploit.
OK, I see it now. The exploit only ha
On Tue, 20 Jun 2017 13:11:24 +0100
Patrick O'Callaghan wrote:
> As I understand it (and as the bug report appears to confirm) the fix
> is to ld.so, not the kernel, though changing ld.so does of course mean
> a reboot.
That doesn't make any sense. If the exploit happens in ld.so, fixing it
doesn'
On Mon, 2017-06-19 at 23:08 -0700, stan wrote:
> I'm running
> the kernel with the fix, and it is working fine so far.
As I understand it (and as the bug report appears to confirm) the fix
is to ld.so, not the kernel, though changing ld.so does of course mean
a reboot.
How do you know it's work
40 matches
Mail list logo
