| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13
Comments:
<0> even worse than php are thirteen years old progamer 'PHP coders'
<1> MiniMax: A single-user machine is not a web-server sitting in a colo facility. Let me clarify what I mean by "single-user machine": I mean a machine sitting ona user's desktop that no other users use.
<2> one works. the other doesnt.
<3> kothog: does it go on the internet?
<2> i just spent 20 minutes debugging pear issues that should never exist in the first place
<1> greycat: uh huh. feel free to think that.
<1> Vasistha: of course. but the exposure is complete regardless because the hacker's going to cap the user's su p***word the next time the user runs su -l.
<4> I reserve the privilege of pointing and laughing the next time a buffer overrun in your {IRC client,web browser,MUA} erases your MBR because you ran **** as superuser for no reason other than "it's a single user box"
<1> Vasistha: or, what users prefer is just sudo: which may not require a p***word at all.
<4> he still uses "su"?
<4> and what is -l?
<1> greycat: You don't know what you're talking about. That'll happen anyway: just connecting provides all the exposure this hypothetical hacker needs.
<5> kothog: Install JAlbum - an Java-based picture album creating app - and you will also have nice little web-server for sharing your photos with friends. With 777 on all files, a single security flaw in the web-server, and your single-user machine is toast.
<4> it's not in my su(1) man page
<1> MiniMax: that exposure is there regardless.
<1> greycat: find out for yourself. I'm not your teacher.
<1> all the world's not a Linux machine.
<4> imadev:~$ man su | grep -e -l
<4> imadev:~$
<2> <mhiku> hey how can i enable magic quotes runtime
<2> perfect reason why i hate php
<2> i run nothing as root
<6> -, -l, --login Provide an environment similar to what the user would expect had the user logged in directly.
<3> _sho_: there's a way to do that, I'll grep my scripts...
<1> I'm just saying, that what that user originally was looking for was a single-user machine, and his needs would've been met by just running his system as root.
<2> absolutely NOT
<4> I'm just saying, you're a ****ing idiot.
<2> UNDER NO CIRCUMSTANCES
<6> heh
<1> greycat: Tell me again how it's safer to run as a user? You think userland somehow insulates you from anything other than user stupidity?
<2> banstick please
<2> ive dealt with enough noobs, nonlisteners, and general idiots for one day
<4> eh... it's not really worth of banning
<4> +y
<3> _sho_: ini_get and (I believe) ini_set are what you want for checking/enabling magic quotes
<2> no, not me
<1> privilege escalation is trivial..
<2> i was referring to magic quotes in general
<2> that the concept even exists in a language is mind bogling
<4> see? he's definitely a Gentoo user.
<1> nah.. *BSD.
<2> o damn, your right
<2> sorry gc
<1> but I do like bash. :)
<4> what ****ty version of BSD are you running that has so many trivial privilege escalations?
<2> thats the one where you run your box as root!
<2> dont you know?
<1> greycat: It's impossible for a single user not to leak root. And I'm on OpenBSD.
<1> greycat: You wanna call the OpenBSD guys idiots? how amusing.
<4> so your solution to this problem is just to have the "single user system" (a complete fantasy that I've never seen in real life) run everything as UID 0.
<2> no, i think you are the idiot, especially for making such a bold statement as "escalation is trivial"
<2> beh. /ignore ftw
<1> greycat: if the user is competent, there's no need. it's only a protection against accidental rm -rf /
<0> heh
<3> kothog: it's also a protection against software bugs
<2> last i checked, rm -rf was the least of my worries
<7> if you run everything as root, what's the point in all the effort the OpenBSD guys had in doing privelege separation on openssh, etc?
<0> kothog: Excuse me... I'm _not_ trying to be offensive here... but... you are not from a really high usage production environment, are you?
<2> o dude, all that privilege seperateion is moot
<1> GSF: that's on a multi-user system, or a server. I'm talking single-user desktop.
<0> (big companies, many servers, thousands of users)
<3> ...so I suggested he revert to a backup, or else just back up his /home and /etc and do a clean install. He responds with "lol"
<1> iSteve: servers, public exposure, web-server.. all that stuff requires layers of security, and there the efforts of the OpenBSD guys are critical in securing the machine.
<2> hmm... nope. cant see it
<7> kothog: what's the difference? the software doesn't have security problems in a single user system?
<0> kothog: that doesn't really answer my question though -- it's obvious you work around servers, I'm asking about the magnitude of usage:)
<1> GSF: the single-user does an average root-level operation once every hour.
<2> wow.
<4> wrong.
<7> wtf
<4> wrong. wrong. wrong. and *plonk*
<7> apples and oranges?
<2> know when the last time was i did a root level operation?
<2> 6 months ago.
<2> thats right. 6 months ago
<2> well quit installing
<1> _sho_: You're saying you're the average user? :)
<7> kothog: just because I run locate.updatedb lots of times, that doesn't make it right to run irssi as root
<4> _sho_: I'd say the average is somewhere between those extremes.
<0> other than that, once a day -- to perform apt-get update && apt-get -u dist-upgrade
<0> :)
<2> i dont think im very extreme greycat
<2> ill concede once a month if i was installing games or such
<1> GSF: no, but then someone comes along, subverts irssi, and the next time you sudo or su, the hacker caps the root p*** and that's that.
<4> if I *just* installed a box, I'll do a lot of sudo apt-get installs on it, as I remember new things I need. Then it tapers off.
<7> how can he subvert the root p***word with sudo?
<1> he doesn't need to. he just needs to feed commands to your shell.
<1> .. depending on how sudo is set up.
<2> o dude, dont you know? user level ld.so.preload!
<3> _sho_: I've run a linux box with no network connectivity before. The idea was to keep proprietary data off of any network, so the only possibility of leakage is through physical breakin
<0> hah
<0> that could be fun
<0> a hack with a tank
<2> why i just overwrote some foos preload in /etc yeah
<0> it'd certainly will be original:)
<3> iSteve: well, there's that technology, can't remember atm what it's called, but you can read EM waves from a CRT from afar and reproduce screenshots
<3> starts with 'T'
<2> actually, coolest hack ive ever done was crontab
<3> iSteve: and ... wasn't there some laptop theft that was in the news that resulted in a bunch of people's private info being leaked? Like, the laptop was owned by someone who worked in a bank?
<7> kothog: still, I'd take my chances running irssi as a user than as root
<2> social security agency
<7> kothog: that's like saying that there are lockpicks, so I'm better off leaving my door open
<0> Vasistha: it's nowhere near as cool as actually shooting through security and driving through a wall with a tank
<0> ;)
<5> Vasistha: I heard that some guys was able to "read" keyboard input by simply listening to the keyboard clatter. An open mobile phone in the vincinity, and you were screwed.
<3> MiniMax: hmm, well the system in question here was not a laptop, it was always inside a house...
<7> kothog: also, even if someone subverts irssi, how the hell do they cap root p***?
<8> there are small key reading devices, plugged in between keyboard and computer
<8> they record every keystroke
<7> I'm talking in a remote way, of course
<1> GSF: of course, and I run my irc client as a user as well. I'm just saying the veil/sense of security is an illusion.
<7> I don't agree
<7> why would buttloads of security firms exist, if it's all an illusion?
<3> tempest!!
<9> I'm making a little shell script that uses wget to get a webcam image every 15 minutes, and I'd like it to rename the file it has downloaded to be the date and time it downlaods it at, but I'm not sure what the command to change the filename to include that is.
<4> -O $(date +whatever)
<7> mv name newname
<9> I was thinking: NDT=$(date +%y%m%d%H%M%S) ; mv "file.name file.name.$NDT"
<7> Tramse: feed the parameter greycat said to wget
<3> from http://en.wikipedia.org/wiki/TEMPEST : In 1985, Wim van Eck published the first uncl***ified technical analysis of the security risks of emanations from computer monitors. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to governments; van Eck successfully eavesdropped on a real system, at a range of hundreds of metres, using just $
<3> n set.
<3> ooh, that was a long line
<6> spam!
<9> ok, thanks!
<9> oww.. misplaced a " in there.
<1> GSF: human gullibility and forgetfulness, primarily.
<3> Tramse: you might also consider doing it in such a way that the files are naturally sorted by date
<9> oki
<8> ...e.g. by using an ISO 8601 date: YYYY-MM-DD, resulting from date specification +%Y-%m-%d
<9> aha
<5> Sounds of Typing Give Messages Away - http://sciam.com/article.cfm?chanID=sa003&articleID=00056901-29ED-132B-A9ED83414B7F0000
<1> besides, that's a logical fallacy: it's a strawman. the existence of successful security firms proves nothing but that they've convinced people they can make them secure.
<10> hi, I am trying to edit a text file. right now it looks like this: <zip> <counter>
<10> except that some zip numbers have suffix
<10> <zip + suffix> <counter>
<11> hi is anyone fermilur with other shells like tcsh?
<6> #tcsh
<6> (If it exists.)
<10> I want to trim down the file to only show the zip, without the suffix
<11> yes it dont....
<10> I know there is a way to do that with awk, sed, etc
<11> :-(
<6> agilman: pastebin an example entry from the file, or a line in here.
<10> goldfish: http://agilman.org/zipAudit
Return to
#bash
or
Go to some related
logs:
#sdl
#perl
perl ipaddr iteration
#perl
/sysfs/bus/platform/devices/
fetachinni
glftpd ubuntu rc.conf
yast gnomad2
the mana world for suse
MYsql manual select * from and
|
|