Re: ssh -X shop problem...

On Monday 27 November 2006 20:59, Craig White wrote:
On Mon, 2006-11-27 at 17:27 -0800, Wolfgang S. Rupprecht wrote:
Gordon Messmer <yinyang@xxxxxxxxx> writes:
xhost +localhost

Although one should probably mention that "xhost" could more
descriptively be called:

allow_keylogging_from +hostname

It basically turns off what little protection X had. Anyone with an
account at the xhost-ed host can record all the keys you typed from
that point on.

I vaguely recall that Gordon suggested that wasn't the preferred method
of dealing with this but considering that the OP routinely logs in as
root and constantly runs gui as root, it's not as if OP is demonstrating
concerns about security.


Thats one of the beauties of linux, you can delegate things. In this
case, outside security is delegated to the x86 version of DD-WRT. Secure
against my stupidity, now thats something else.

If this install would have Just Worked(TM) from the gitgo, much of this
would not now be a PITA for all concerned. Such niggling little things
as the initially missing /etc/crontab file for instance.

Then yesterday there was a whole gaggle of selinux related stuff that yum
updated, and now I can't get cron to run amanda at all even though
selinux is set to permissive.

Decode this please, from /var/log/cron, since the selinux troubleshooter
shows me a blank slate, apparently freezing with the progress bar showing
the load percentage stuck at about 40% regardless of what log I load for
Nov 27 20:25:01 coyote crond[16717]: Authentication service cannot
retrieve authentication info
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: failed to open
PAM security session: Success
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: cannot set
security context
Which was my latest attempt to make cron do a backup by calling my wrapper
script that runs amanda to do the heavy lifting.

That /var/spool/cron/amanda cats like this:
root@coyote /]# cat /var/spool/cron/amanda
25 20 * * * /GenesAmandaHelper-0.5/
# This file was written by KCron. Copyright (c) 1999, Gary Meyer
# Although KCron supports most crontab formats, use care when editing.
# Note: Lines beginning with "#\" indicates a disabled task.

I built and installed the 20061127 version of amanda-2.5.1p2 today, and
the amcheck test run disclosed that yesterdays running of it as root had
managed to make all the indice files owned by root, so I had another few
minutes worth of doing a chown -R amanda:disk on the indice tree.

I also installed, but am about to rip out, another 6 or so pam modules but
that made no difference, the above was done after installing them. And,
typical, calling up a 'man pam' gets me something entirely different that
has nothing to do with Password Authentification Module, which is what I
think "pam" stands for. If thats not the case, point me at the tutorials
as I'd really like to do a backup by some means other than 'su
amanda -c "./"', which works well and I'll do it if cron cannot
be co-erced by a cowboy on each front fender swinging a cat-o-9-tails or
some such.

Now get this! I just totally disabled selinux (It was set permissive) and
cron runs my script. WTF? I'm going after a beer.

Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author) and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

fedora-list mailing list
To unsubscribe: