| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8
Comments:
<Mouring> mil, X11 stops working.
<m10> mm
<Sobh_> pbug hehe
<m10> yeah, we need to think differently
<Mouring> Kinda like directly translating "no" or "wa" or "ka"
<Milamber> Mouring: *sigh* Darnit.
<m10> that's partially why I'm training Iaido now
<Sobh_> btw its: cat file | crypt <p***> > file-crypted
<Milamber> Need to increase a user's open file limit, hmm.
<pbug> hrmm when I use sed on linux why the hell is it not in the bash history..
<Mouring> mil, Linux? Solaris? BSD?
<Milamber> Linux.
<Mouring> Use PAM.
<Mouring> erm.. can't believe I'm advocating pam.
<m10> hehe
<Figz> Use PAM.. because it's all you've got, ****ah
<Sobh_> crypt wont display to stdout very nicely
<p***> > file-crypted
<Milamber> Wait, that's strange. Seems /etc/security/limits.conf is being read.
<Sobh_> also echo hi | openssl enc -<whateverencryptionyouwanna>
<Sobh_> I wonder what what encryption scheme does crypt uses??
<Milamber> PrivSep seems on, and UseLogin is off, but the limits I put into /etc/security/limits.conf are active, weird.
<Sobh_> md5? des? i dont remember
<Mouring> ermm.. Bombsquad truck just p***ed my window and turned to so south along the side of our buinding.
<Mouring> mil, that is a function of PAM.
<Mouring> you must have "UsePAM yes"
<Milamber> Ah. Indeed, seems so.
<Milamber> Cool, thanks.
<pbug> sobh: when you type just "sed" what version does it say?
<pbug> it's GNU sed I know that..
<Sobh_> ill try that later on
<pbug> or rather sed --versino
<pbug> --version
<Sobh_> man crypt and man 3 crypt is are completely different
<Mouring> crypt() isn't a good to encrypt and recover encrypted data.
<Mouring> it is a one-way encryption interface.
<Sobh_> What I want to do is: Present a crypted p***word in your ".screenrc" file and screen will ask for it, whenever someone attempts to resume a detached.
<pbug> sobh: not sure if that'll really protect what's being screened.. these are processes you own after all.. so if smoeone has your account they have those procs
<Sobh_> uh
<dhartmei> yes, they attach a debugger and simply skip the p***word prompt
<Mouring> Ctrl-A Ctrl-X will lock the screen session.
<dhartmei> against your cat, yes
<Mouring> but I find it annoying.
<Sobh_> So what IM trying to do
<Sobh_> makes no sence
<Sobh_> ?
<Mouring> dhart, no I just use static against my cat.
<dhartmei> not really. protect the account from other users, not the process from the owning user
<Sobh_> Well, I doubt the non-sysadmin users have that level of knowledge
<dhartmei> detach and log out. if they can break in, they are not non-sysadmin users, are they?
<dhartmei> your login p***word is weaker than the one you'd choose to protect the screen session? that would be stupid.
<dhartmei> so is sharing accounts.
<Sobh_> how so?
<Sobh_> they have access to the account
<pbug> then you have no secrets
<dhartmei> why don't you create a different account per person?
<Sobh_> they have access to the account, but not to root
<Sobh_> uh
<dhartmei> if you violate basic compartment principles and ignore basic unix security, you can just as well leave it wide open
<dhartmei> so have root create their accounts
<Sobh_> "they have access to the account, but not to root"
<dhartmei> one account per person, what's so complicated about that?
<pbug> sobh: sharing accounts is not wise
<Sobh_> look, I didn't write the policy, nor do I agree with the policy
<Mouring> dhart, I like the "one account per major run tasks" myself as well.
<Sobh_> but until we get it changed, I have to *follow* the policy
<dhartmei> then don't use screen on that account
<pbug> mouring: yeah i do that as well, bittorrent for example has his own user
<Sobh_> what should I use? or do?
<dhartmei> not store anything sensitive on that account, run no process holding any personal information on there
<dhartmei> you CANNOT protect any data in that account from other users sharing your account, it's impossible
<dhartmei> just like you can't change the policy, you can't change that reality
<dhartmei> even much less
<Mouring> dhart, I'm told if you believe hard enough you can warp reality around you.=-)
<dhartmei> those who can do that use their powers to convince me, until such time i laugh at them :)
<pbug> mouring: that works.. but you won't understand why it doesn't affecdt others
<Sobh_> dhart, Mouring: look, I know what the deal is, & I'm willing to tkae an acceptable amount of risk
<dhartmei> you asked if it's stupid, it is, now you can do whatever you like, can't stop you
<Mouring> sobh, I've already told you the magic thing to lock your screen session.. you can no nothing more.
<Sobh_> :|
<pbug> sobh: no use putting in a p***word, you'll just have to trust the other people using that account
<pbug> sobh: just leave them a message not to touch your ****
<Mouring> dhartmei, come to Minnesota.. And we can have a contest of wills.=-)
<dhartmei> mine are seldom flattering like that :)
<Sobh_> Ever have one of those days where you felt like linux was written in a DOS Shell?
<pbug> hrmm
<dhartmei> i've never seen a policy state you're supposed to share your account because root doesn't create per-person accounts. read it carefully, it might say you mustn't share the account or run stuff in screen, either. then what, you obey that?
<Sobh_> there is 1 login for everyone & the sysadmins su to root
<Mouring> Those must be stupid admins.
<dhartmei> yeah. so someone ****s something up, and they have no way of firing the right guy?
<Sobh_> like I said - I'm not the one that implemented the policy :/
<Sobh_> and hopefully it will be re-written
<Sobh_> :|
<dhartmei> so what you run in that screen session is what you do for work, why do you need to hide it from any other coworker? your mail on that account is shared as well, you have no privacy there.
<dhartmei> if you're not supposed to run bittorrent or an irc client on there, don't. what else could be private?
<pbug> no editing your diary or marking important to self calendar events
<dhartmei> which you need to detach, run in background, and re-attach to? :)
<Sobh_> dhart?
<pbug> was just a suggestion from me
<Mouring> "Dear Diary, my boss is an ***hole<pause.. sudden backspace over the word ***hole> a wonderful person that will fire your ***."
<pbug> I called my boss an ***hole in a meeting once.. and he didn't fire me!
<pbug> so I quit
<Sobh_> LOOL
<Sobh_> the screen session is for sysadmins only, but what happens is that other sysadmins su to root & don't log out of the window
<dhartmei> so they leave a root shell screened as a non-root user? they are truly stupid, then. :)
<Mouring> I have to wonder what the hell this system is used for.
<pbug> monkey porn
<Sobh_> But please
<Sobh_> could you give me suggestions or help?
<Sobh_> I have to deal with it
<dhartmei> disconnect the keyboard and lock it away
<dhartmei> that will keep some people away, and it's cheaper and simpler than writing code
<pbug> (and never mind that adapter for the keyboard.. it's the keystroke logger)
<Sobh_> im serious :/
<dhartmei> so am i
<Sobh_> setting up a p***word for screen is what I need
<DocRadium> what OS
<Sobh_> Linux
<DocRadium> making the crypt can be difficult only for lack of a generator
<Mouring> dhart, he is pretty deaf.. didn't I tell him 2 times how to do that? Do I need to tell him about Ctrl-A Ctrl-X a third time with a /kick command for him to see it?
<Sobh_> :/
<dhartmei> so put a stupid hard-coded p***word in the source code, you think anyone who could find and read that wouldn't also be able to attach a debugger?
<dhartmei> you're talking about a light security-by-obscurity feature, any way you put it. so use the simplest one of them.
<dhartmei> you want to make use of crypto just for the sake of giving it a false shine of complexity?
<DocRadium> want a perl script to do it?
<DocRadium> http://www.rocketaware.com/perl/perlfunc/crypt.htm
<Sobh_> if they wanted to pwn the box, they have plenty of ways to do it
<DocRadium> there. cram your desired screen p***word through that perl script
<DocRadium> put the output in your .screenrc
<DocRadium> then screen will demand a p***word when you reattach
<DocRadium> just don't use your shell p***word.
<Mr_You> how the **** can BellSouth justify charging content providers for delivery? if I'm a customer I expect quality service no matter what..... WTF?!?!?!
<pbug> mr_you: yeah, it's sick
<Mr_You> I think I want to change from Cingular just to get away from BellSouth.
<Sobh_> thanks
<Sobh_> to all of you :)
<Sobh_> and yes, I will tell my boss that we need a separate login for the sysadmins
<pbug> mr_you: people should try to rip it all away from them again, but I'm not sure if it's possible other than making a public network that some form of government owns
<pbug> so far the telcos have been pretty good at making any attempt to liberalise communication fail
<Sobh_> dhartmei, Mouring, pbug; I learned the lesson!
<Sobh_> I'll tell my boss
<Sobh_> I'll hand the policymaker a cluestick from you guys
<Sobh_> hehe
<Yashy> Anyone try to install devel/php5-readline/ from fbsd ports in the last 2 days? I have build failing on i386 and sparc64.
<tchang> hahaha
Return to
#unixhelp
or
Go to some related
logs:
#computers
#windows
#bsd
#beginner
#beginner
#windows
ins.or.gov
import an array, getvariables, flash
tiago interview chelsea
tia carrere tie domi
|
|
