On Monday 18 May 2009, Bill Davidsen wrote:
>Paulo Cavalcanti wrote:
>> On Sun, May 17, 2009 at 10:35 AM, Gene Heskett <gene.heskett@xxxxxxxxxxx>
>> wrote:
>>
>>     Greetings all;
>>
>>     What is /dev/shm?
>>
>>     I've given up on rkhunter ever shutting up about the group and
>>     passwd files, but fussing about this is new.
>>
>>     ---------------------- Start Rootkit Hunter Scan ----------------------
>>     Warning: Suspicious file types found in /dev:
>>              /dev/shm/sem.ADBE_REL_root: data
>>              /dev/shm/sem.ADBE_WritePrefs_root: data
>>              /dev/shm/sem.ADBE_ReadPrefs_root: data
>>
>>     And indeed, these files that I nuked Friday are back:
>>     [root@coyote linux-2.6.30-rc6]# ls -l /dev/shm
>>     total 24
>>     -r-------- 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
>>     -rw-rw-rw- 1 root root       16 2009-05-16 20:33 sem.ADBE_ReadPrefs_root
>>     -rw-rw-rw- 1 root root       16 2009-05-16 20:33 sem.ADBE_REL_root
>>     -rw-rw-rw- 1 root root       16 2009-05-16 20:33 sem.ADBE_WritePrefs_root
>
>Do you have some Adobe stuff installed? And might you ever accidentally have
>used it as root? Just looking at the name, I know you're old enough to know
>better. ;-)
>
:-)  KNOW better?  For me, it's an arguable point.  I learned most of the
principles of a multi-user/multitasking system from os9 (now called nitros9 &
I had a small hand in the rewrite) back in the 80's, and while it may seem to
be an excuse to you, I have never gotten used to the permissions restrictions
placed on the user by modern versions.  Since I learned without that, one
could say I learned wrong I suppose.

OTOH, it IS my system.  Much of what runs and is exposed to attack, also runs
as an unprivileged user, with a looong passwd.  I do what I think needs to be
done to maintain a reasonable level of security, like using rkhunter or
chkrootkit, and I use a router (dd-wrt) that has so far passed the test of
time vis-a-vis the attackers, watched carefully since I log those attempts
here.
The only thing missing in the router is a facility to blacklist and drop on
the floor or better yet tarpit, those addresses that continue to play
dictionary attack name games, some of them hundreds of times an hour.  Yeah,
I use passwds I can remember, but they are also relatively secure just
because of the length used.

>>     Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I
>>
>>
>> You should have not, but it is your choice.
>
>Is there a better way to get rid of PulseAudio? Some install option which
>prevents infecting the system in the first place?

That would be very nice.  But from Fedora?  Tain't gonna happen...  It is not
only part of the 'branding', it's also the fence between the paid up seat
version and the freebie, so we scream & holler and get generally ignored or
given just enough we don't all jump ship & they lose their guinea pigs,
something they can't afford, so it's a grand and glorious but frustrating
experience, running all this bleeding edge stuff.  I even invite more
bloodshed by running the latest snapshots of amanda, and Linus's latest
kernel, currently 2.6.30-rc6.  And generally, it's fun to boot.  Get used to
it.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
"All language designers are arrogant.  Goes with the territory..."
(By Larry Wall)