Old 01-19-2012, 06:58 AM
Divan Santana
 
Default security problem in X with screen saver

Hi All,

As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA

There is quite a serious security problem.

Is there a patch coming out soon?
Does anyone yet know a workaround to this in the meanwhile?
Can it be announced?
 
Old 01-19-2012, 07:42 AM
Magnus Therning
 
Default security problem in X with screen saver

On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan@s-tainment.co.za> wrote:
> Hi All,
>
> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>
> There is a quite a serious security problem.
>
> Is there a patch coming out soon?
> Does anyone yet know a workaround to this in the meanwhile?
> Can it be announced?

Have you verified that your system?

On my system none of the keys mentioned in that article have the
reported results; they all jump out to virtual terminals. I have not
made any changes to the stock Arch config that would affect those
keys.

/M

--
Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: magnus@therning.org   jabber: magnus@therning.org
twitter: magthe               http://therning.org/magnus

Date: Thu, 19 Jan 2012 08:43:47 +0000
From: "Jóhann B. Guðmundsson" <johannbg@gmail.com>
To: devel@lists.fedoraproject.org
Subject: Re: Removing SysV Init Scripts

On 01/18/2012 10:42 PM, BJ Dierkes wrote:
> Sorry, I didn't mean to start a heated thread on SysV vs. Systemd or anything. Unfortunately my question wasn't really answered. I *am* removing SysV support from gearmand … and have already implemented Systemd scripts. My question is… for existing users still on SysV in Fedora < 17 …. are there any safeguards I need to put in place as to not break them… or should I just rip out all the SysV stuff and hope for the best?

From the day you ship the unit files they take precedence over the
legacy sysv init script.

Which means in your case from 0.20-1 release of gearmand the legacy sysv
init script have not been used et al so removing it will not affect anybody.

JBG

 
Old 01-19-2012, 07:45 AM
Timothée Ravier
 
Default security problem in X with screen saver

2012/1/19 Magnus Therning <magnus@therning.org>:
> On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan@s-tainment.co.za> wrote:
>> Hi All,
>>
>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>
>> There is a quite a serious security problem.
>>
>> Is there a patch coming out soon?
>> Does anyone yet know a workaround to this in the meanwhile?
>> Can it be announced?
>
> Have you verified that your system?
>
> On my system none of the keys mentioned in that article have the
> reported results; they all jumps out to virtual terminals. I have not
> made any changes to the stock Arch config that would affect those
> keys.

Use the Ctrl + Alt + * from the keypad to trigger the "bug".

As explained in the article, this is purely Xorg related. Use vlock
for example if you want to avoid the problem.

Tim
 
Old 01-19-2012, 07:57 AM
Magnus Therning
 
Default security problem in X with screen saver

2012/1/19 Timothée Ravier <timothee.romain.ravier@gmail.com>:
> 2012/1/19 Magnus Therning <magnus@therning.org>:
>> On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan@s-tainment.co.za> wrote:
>>> Hi All,
>>>
>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>>
>>> There is a quite a serious security problem.
>>>
>>> Is there a patch coming out soon?
>>> Does anyone yet know a workaround to this in the meanwhile?
>>> Can it be announced?
>>
>> Have you verified that your system?
>>
>> On my system none of the keys mentioned in that article have the
>> reported results; they all jumps out to virtual terminals. I have not
>> made any changes to the stock Arch config that would affect those
>> keys.
>
> Use the Ctrl + Alt + * from the keypad to trigger the "bug".
>
> As explained in the article, this is purely Xorg related. Use vlock
> for example if you want to avoid the problem.

Yes indeed, that works. What the hell was that other article doing
mentioning all those Fn-keys then?

/M

--
Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: magnus@therning.org   jabber: magnus@therning.org
twitter: magthe               http://therning.org/magnus
 
Old 01-19-2012, 08:29 AM
Maciej Sitarz
 
Default security problem in X with screen saver

Hi,
a quick fix I developed for my Fedora 16 box:

1. Dump the xkb:
$ xkbcomp $DISPLAY xkb.dump
2. Make a backup
$ cp xkb.dump xkb.dump_orig
3. Remove all entries related to XF86ClearGrab and XF86Ungrab
4. Apply the XKB entries:
$ xkbcomp xkb.dump $DISPLAY

In case of any problems restore the original XKB entries:
$ xkbcomp xkb.dump_orig $DISPLAY

This should be applied after each Xorg start.
A better way to fix this would be finding the real XKB config file, but I didn't
manage to find any entries in /etc or /usr. It's probably compiled into
libX11.so.

Regards
--
Maciej Sitarz
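
Step 3 of the workaround above, scripted as an added example (not part of the post or of any project mentioned in the thread). It assumes the dump names the keysyms `XF86_Ungrab`/`XF86_ClearGrab` (with or without the underscore) in `interpret` blocks and in key symbol lists; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Usage with the commands from the post:
#   xkbcomp $DISPLAY xkb.dump
#   strip_grab_keysyms xkb.dump > xkb.fixed && xkbcomp xkb.fixed $DISPLAY

# Print a copy of an xkbcomp dump with the grab-breaking keysyms neutralised.
strip_grab_keysyms() {
    awk '
        # Drop whole "interpret XF86_Ungrab... { ... };" blocks.
        /^[ \t]*interpret[ \t]+XF86_?(ClearGrab|Ungrab)/ { skip = 1 }
        skip { if (index($0, "};") > 0) skip = 0; next }
        # In key symbol lists, replace the keysym so the level does nothing.
        { gsub(/XF86_?(ClearGrab|Ungrab)/, "NoSymbol"); print }
    ' "$1"
}

# Count lines that still reference the keysyms (0 means the map is clean).
count_grab_keysyms() {
    grep -Ec 'XF86_?(ClearGrab|Ungrab)' "$1" || true
}

# Constructed sample shaped like a fragment of an xkbcomp dump (assumed layout).
sample_dump() {
cat <<'EOF'
xkb_compatibility "complete" {
    interpret XF86_Ungrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x55,data[1]=0x6e);
    };
    interpret XF86_ClearGrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x43,data[1]=0x6c);
    };
    interpret Caps_Lock+AnyOfOrNone(all) {
        action= LockMods(modifiers=Lock);
    };
};
xkb_symbols "pc" {
    key <KPDV> {
        type= "CTRL+ALT",
        symbols[Group1]= [ KP_Divide, KP_Divide, KP_Divide, KP_Divide, XF86_Ungrab ]
    };
    key <KPMU> {
        type= "CTRL+ALT",
        symbols[Group1]= [ KP_Multiply, KP_Multiply, KP_Multiply, KP_Multiply, XF86_ClearGrab ]
    };
};
EOF
}
```

Running `count_grab_keysyms` on a fresh dump after each Xorg start shows whether the filtered map is still the one loaded.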
 
Old 01-19-2012, 09:16 AM
Madhurya Kakati
 
Default security problem in X with screen saver

On 01/19/12 at 09:57am, Magnus Therning wrote:
>
> Yes indeed, that works. What the hell was that other article doing
> mentioning all those Fn-keys then?
>
> --
> Magnus Therning                      OpenPGP: 0xAB4DFBA4

Just confirming that it works. I hope arch adds the patch to the repos soon.
--
Madhurya Kakati

() ascii ribbon campaign - against html e-mail
/ www.asciiribbon.org - against proprietary attachments
 
Old 01-19-2012, 09:44 AM
Florian Pritz
 
Default security problem in X with screen saver

On 01/19/2012 09:45 AM, Timothée Ravier wrote:
> 2012/1/19 Magnus Therning <magnus@therning.org>:
>> On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan@s-tainment.co.za> wrote:
>>> Hi All,
>>>
>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>>
>>> There is a quite a serious security problem.
>>>
>>> Is there a patch coming out soon?
>>> Does anyone yet know a workaround to this in the meanwhile?
>>> Can it be announced?
>>
>> Have you verified that your system?
>>
>> On my system none of the keys mentioned in that article have the
>> reported results; they all jumps out to virtual terminals. I have not
>> made any changes to the stock Arch config that would affect those
>> keys.
>
> Use the Ctrl + Alt + * from the keypad to trigger the "bug".
>
> As explained in the article, this is purely Xorg related. Use vlock
> for example if you want to avoid the problem.
>

This has been fixed in xkeyboard-config 2.4.1-3 in testing. You have to
reset your xkb map or restart X after updating.

The feature is still enabled in xorg-server so if anyone wants to use
it, just create the necessary key mappings.

--
Florian Pritz -- {flo,bluewind}@server-speed.net
 
Old 01-19-2012, 10:10 AM
Christian Hesse
 
Default security problem in X with screen saver

Florian Pritz <bluewind@xinu.at> on Thu, 19 Jan 2012 11:44:18 +0100:
> On 01/19/2012 09:45 AM, Timothée Ravier wrote:
> > 2012/1/19 Magnus Therning <magnus@therning.org>:
> >> On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan@s-tainment.co.za>
> >> wrote:
> >>> Hi All,
> >>>
> >>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
> >>>
> >>> There is a quite a serious security problem.
> >>>
> >>> Is there a patch coming out soon?
> >>> Does anyone yet know a workaround to this in the meanwhile?
> >>> Can it be announced?
> >>
> >> Have you verified that your system?
> >>
> >> On my system none of the keys mentioned in that article have the
> >> reported results; they all jumps out to virtual terminals. I have not
> >> made any changes to the stock Arch config that would affect those
> >> keys.
> >
> > Use the Ctrl + Alt + * from the keypad to trigger the "bug".
> >
> > As explained in the article, this is purely Xorg related. Use vlock
> > for example if you want to avoid the problem.
> >
>
> This has been fixed in 2.4.1-3 in testing. You have to
> reset your xkb map or restart X after updating.
>
> The feature is still enabled in xorg-server so if anyone wants to use
> it, just create the necessary key mappings.

This fixes the problem for me. Everything seems to be fine now.
I vote for xkeyboard-config to be moved to [extra] asap.

Thanks for the fast fix!
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
 
