Re: ssh -X shop problem...



On Monday 27 November 2006 20:59, Craig White wrote:
On Mon, 2006-11-27 at 17:27 -0800, Wolfgang S. Rupprecht wrote:
Gordon Messmer <yinyang@xxxxxxxxx> writes:
xhost +localhost

Although one should probably mention that "xhost" could more
descriptively be called:

allow_keylogging_from +hostname

It basically turns off what little protection X had. Anyone with an
account at the xhost-ed host can record all the keys you typed from
that point on.

----
I vaguely recall that Gordon suggested that wasn't the preferred method
of dealing with this but considering that the OP routinely logs in as
root and constantly runs gui as root, it's not as if OP is demonstrating
concerns about security.

Craig

Thats one of the beauties of linux, you can delegate things. In this
case, outside security is delegated to the x86 version of DD-WRT. Secure
against my stupidity, now thats something else.

If this install would have Just Worked(TM) from the gitgo, much of this
would not now be a PITA for all concerned. Such niggling little things
as the initially missing /etc/crontab file for instance.

Then yesterday there was a whole gaggle of selinux related stuff that yum
updated, and now I can't get cron to run amanda at all even though
selinux is set to permissive.

Decode this please, from /var/log/cron, since the selinux troubleshooter
shows me a blank slate, apparently freezing with the progress bar showing
the load percentage stuck at about 40% regardless of what log I load for
analisys:
----------
Nov 27 20:25:01 coyote crond[16717]: Authentication service cannot
retrieve authentication info
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: failed to open
PAM security session: Success
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: cannot set
security context
----------
Which was my latest attempt to make cron do a backup by calling my wrapper
script that runs amanda to do the heavy lifting.

That /var/spool/cron/amanda cats like this:
root@coyote /]# cat /var/spool/cron/amanda
------------
shell=/bin/sh
PATH=/GenesAmandaHelper-0.5:$PATH
MAILTO=amanda
25 20 * * * /GenesAmandaHelper-0.5/backup.sh
# This file was written by KCron. Copyright (c) 1999, Gary Meyer
# Although KCron supports most crontab formats, use care when editing.
# Note: Lines beginning with "#\" indicates a disabled task.
------------

I built and installed the 20061127 version of amanda-2.5.1p2 today, and
the amcheck test run disclosed that yesterdays running of it as root had
managed to make all the indice files owned by root, so I had another few
minutes worth of doing a chown -R amanda:disk on the indice tree.

I also installed, but am about to rip out, another 6 or so pam modules but
that made no difference, the above was done after installing them. And,
typical, calling up a 'man pam' gets me something entirely different that
has nothing to do with Password Authentification Module, which is what I
think "pam" stands for. If thats not the case, point me at the tutorials
as I'd really like to do a backup by some means other than 'su
amanda -c "./backup.sh"', which works well and I'll do it if cron cannot
be co-erced by a cowboy on each front fender swinging a cat-o-9-tails or
some such.

Now get this! I just totally disabled selinux (It was set permissive) and
cron runs my script. WTF? I'm going after a beer.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



Relevant Pages

  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.security)
  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.sqlserver.security)
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    ... Would there be a reason to implement floating labels in SELinux? ... In this case fireflier would need to do only this: ... To have all tasks assigned a security structure, ... * A task has accessed this file, add the task's SID to the group SID of ...
    (Linux-Kernel)