Re: ssh -X shop problem...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 27 November 2006 20:59, Craig White wrote:
>On Mon, 2006-11-27 at 17:27 -0800, Wolfgang S. Rupprecht wrote:
>> Gordon Messmer <yinyang@xxxxxxxxx> writes:
>> > xhost +localhost
>>
>> Although one should probably mention that "xhost" could more
>> descriptively be called:
>>
>>          allow_keylogging_from +hostname
>>
>> It basically turns off what little protection X had.  Anyone with an
>> account at the xhost-ed host can record all the keys you typed from
>> that point on.
>
>----
>I vaguely recall that Gordon suggested that wasn't the preferred method
>of dealing with this but considering that the OP routinely logs in as
>root and constantly runs gui as root, it's not as if OP is demonstrating
>concerns about security.
>
>Craig

Thats one of the beauties of linux, you can delegate things.  In this 
case, outside security is delegated to the x86 version of DD-WRT.  Secure 
against my stupidity, now thats something else.

If this install would have Just Worked(TM) from the gitgo, much of this 
would not now be a PITA for all concerned.  Such niggling little things 
as the initially missing /etc/crontab file for instance.

Then yesterday there was a whole gaggle of selinux related stuff that yum 
updated, and now I can't get cron to run amanda at all even though 
selinux is set to permissive.

Decode this please, from /var/log/cron, since the selinux troubleshooter 
shows me a blank slate, apparently freezing with the progress bar showing 
the load percentage stuck at about 40% regardless of what log I load for 
analisys:
----------
Nov 27 20:25:01 coyote crond[16717]: Authentication service cannot 
retrieve authentication info
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: failed to open 
PAM security session: Success
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: cannot set 
security context
----------
Which was my latest attempt to make cron do a backup by calling my wrapper 
script that runs amanda to do the heavy lifting.

That /var/spool/cron/amanda cats like this:
root@coyote /]# cat /var/spool/cron/amanda
------------
shell=/bin/sh
PATH=/GenesAmandaHelper-0.5:$PATH
MAILTO=amanda
25 20 * * *     /GenesAmandaHelper-0.5/backup.sh
# This file was written by KCron. Copyright (c) 1999, Gary Meyer
# Although KCron supports most crontab formats, use care when editing.
# Note: Lines beginning with "#\" indicates a disabled task.
------------

I built and installed the 20061127 version of amanda-2.5.1p2 today, and 
the amcheck test run disclosed that yesterdays running of it as root had 
managed to make all the indice files owned by root, so I had another few 
minutes worth of doing a chown -R amanda:disk on the indice tree.

I also installed, but am about to rip out, another 6 or so pam modules but 
that made no difference, the above was done after installing them.  And, 
typical, calling up a 'man pam' gets me something entirely different that 
has nothing to do with Password Authentification Module, which is what I 
think "pam" stands for.  If thats not the case, point me at the tutorials 
as I'd really like to do a backup by some means other than 'su 
amanda -c "./backup.sh"', which works well and I'll do it if cron cannot 
be co-erced by a cowboy on each front fender swinging a cat-o-9-tails or 
some such.

Now get this!  I just totally disabled selinux (It was set permissive) and 
cron runs my script. WTF?  I'm going after a beer.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux