
Comment Re:The article does not say... (Score 1) 62

Reducing one's use of paper products will not reduce global deforestation

I suggest banning the sale of lumber products taken from natural forests, or of farm or other products created on formerly forested land without paying a hefty fee per hectare of land.

Let the economic ramifications work their way back through the system and remove any significant incentive for people to deforest land.

Comment Confirmation bias (Score 1) 209

Or Texas Sharpshooter fallacy. It was always fun shooting bullets at the barn, and then afterwards painting the targets with the bullseye around each bullet.

Recorded history isn't that long. If you start with a conclusion, then you are always going to find evidence for it.

There is some probability of such events happening with OR without climate change.

Comment Re:chroot is not for security. like change directo (Score 1) 730

Sounds to me like you are banking on kernel exploits being more rare than they actually are.

Well, from a chroot environment running as a non-root user: it is going to be a technical challenge to make calls to the kernel directly, and for all you know a syscall filtering mechanism is in place, and chroot is just one of the early lines of defense.

Comment Re:read the man page (Score 1) 730

Gonna be kind of tough to have a shell without a tty, aka /dev/*tty*. So yeah, you need /dev.

False. In fact you're false on so many counts, that I'll just show with a session excerpt to a jailed shell.

[~]# uname -ir
2.6.32-573.1.1.el6.x86_64 x86_64
[~]# grep support1 /etc/passwd
support1:x:1411:1411::/var/jail/./home/support1:/usr/sbin/jk_chrootsh
[~]# grep support1 /var/jail/etc/passwd
support1:x:1411:1411::/home/support1:/bin/bash
[~]# cat /proc/uptime
246835.99 239072.52
[~]# su - support1
[~]$ cat /proc/uptime
cat: /proc/uptime: No such file or directory
[~]$ ls -la /dev
total 8
drwxr-xr-x. 2 root root 4096 Aug 19 10:01 .
drwxr-xr-x. 10 root root 4096 Aug 19 10:07 ..
[~]$ ls /proc
ls: cannot access /proc: No such file or directory
[~]$ find / | grep tty
find: `/home.a/lost+found': Permission denied
/usr/share/terminfo/p/putty-256color
/usr/share/terminfo/p/putty
/usr/share/terminfo/p/putty-vt100
[~]$ whoami
support1
[~]$ ld
bash: ld: command not found
[~]$ /lib64/ld-linux-x86-64.so.2 /bin/date
Mon Aug 31 01:35:54 CDT 2015
[~]$ cat /bin/date > date
[~]$ ./date
bash: ./date: Permission denied
[~]$ /lib64/ld-linux-x86-64.so.2 ./date
./date: error while loading shared libraries: ./date: failed to map segment from shared object: Operation not permitted
[~]$ /lib64/ld-2.12.so /bin/date
Mon Aug 31 01:37:17 CDT 2015
[~]$ /lib64/ld-2.12.so ./date
./date: error while loading shared libraries: ./date: failed to map segment from shared object: Operation not permitted
[/home.a/support1]$ find / | grep '/ld'
/etc/ld.so.cache
/etc/ld.so.conf
/usr/bin/ldd
/lib64/ld-2.12.so
/lib64/ld-linux-x86-64.so.2
[~]$

Comment Re:Bullshit (Score 1) 730

yet it has never been clear to me which variables get passed over to the root session and which do not

All exported environment variables, just as if you spawned a shell binary with the same user.

Except on systems that implemented PAM su; on these systems, PAM modules might be used to change the values of ulimits or some other environment variables, or clear some.

They might do this because it is the desire of whoever configured the system to assign additional characteristics to certain interactive root or other-user shells.

Comment Re:The way this should end (Score 1) 730

In the long run, he's not going to be satisfied until he's created his own OS, kernel and all because he calls anything he didn't write a "broken concept," whatever that is

How about we get someone to fork the Systemd that distros have adopted and start working on fixing it, paring it down, and removing unneeded functionality into separate optional related projects?

Comment Re:chroot is not for security. like change directo (Score 2, Informative) 730

You can ALWAYS "break out" of chroot.

If you get a shell in one of my chroots used for security, then.....

  • Your uid and gid are not going to be 0. Good luck telling the kernel to try and get you out.
  • There aren't going to be any /dev, /proc, or other special filesystems inside your chroot.
  • There aren't going to be any compilers or setuid binaries inside your chroot
  • If this is an FTP area, there won't be any binaries at all
  • Only the minimum files actually necessary for the program that uses that chroot are going to be found inside that chroot.
  • You won't have a chmod() command anywhere available inside that chroot.
  • All unnecessary POSIX capabilities will have been masked out from the process.
  • There won't be any writable locations in your chroot, the whole chroot will be mounted on a read-only file system, except if there is a place where writes are required by the legitimate software, and those mount points will have been marked as noexec.
  • The kernel will be running PaX or GRSecurity, such that most user data areas are non-executable, and memory pages expected to be executable of programs will get marked as read-only as they are launched, so only available binaries can be used to communicate with the kernel through syscalls.

In short: I think chroot is plenty good for security. There's no way in hell you are breaking out, without a straight up kernel arbitrary execution exploit.
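As an added illustration, not part of the original comment: a Python audit that checks a chroot tree against several items on the checklist above (non-root uid, empty /dev and /proc, no setuid binaries, no compilers or chmod, writable mounts marked noexec). The issue labels and the list of unwanted tool names are assumptions of this example.

```python
import os
import stat

UNWANTED = {"gcc", "cc", "ld", "chmod"}  # assumed names for "compilers" and chmod
SPECIAL = ("dev", "proc", "sys")         # special filesystems the jail should lack


def mount_for(path, mounts_text):
    """Longest mount point containing path, with its option set (/proc/mounts format)."""
    best, opts = "", set()
    for fields in (line.split() for line in mounts_text.splitlines()):
        if len(fields) < 4:
            continue
        mnt = fields[1].rstrip("/")
        if (path == mnt or path.startswith(mnt + "/")) and len(mnt) >= len(best):
            best, opts = mnt, set(fields[3].split(","))
    return best or "/", opts


def audit_jail(root, mounts_text, jail_uid):
    """Return sorted (issue, path) pairs where the tree at root breaks the checklist."""
    root = os.path.realpath(root)
    found = set()
    if jail_uid == 0:
        found.add(("runs-as-root", root))
    for name in SPECIAL:
        path = os.path.join(root, name)
        if os.path.isdir(path) and os.listdir(path):
            found.add(("special-fs-populated", path))
    for dirpath, _dirs, files in os.walk(root):
        mnt, opts = mount_for(dirpath, mounts_text)
        # Writable areas are acceptable only when nothing on them can be executed.
        if "rw" in opts and "noexec" not in opts:
            found.add(("writable-without-noexec", mnt))
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                found.add(("setuid-or-setgid", path))
            if name in UNWANTED:
                found.add(("unwanted-tool", path))
    return sorted(found)


if __name__ == "__main__":
    import sys
    with open("/proc/mounts") as fh:  # Linux only: <jail root> <uid used inside the jail>
        for issue, path in audit_jail(sys.argv[1], fh.read(), int(sys.argv[2])):
            print(issue, path)
```
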

Comment Bullshit (Score 5, Insightful) 730

Lennart Poettering's long story short: "`su` is really a broken concept

Declaring established concepts as broken so you can "fix" them.

Su is not a broken concept; it's a long well-established fundamental of BSD Unix/Linux. You need a shell with some commands to be run with additional privileges in the original user's context.

If you need a full login you invoke 'su -' or 'sudo bash -'

Deciding what a full login comprises is the shell's responsibility, not your init system's job.

Comment Re:That's gonna be a nope (Score 1) 133

I don't want a tracker device to give every advertiser every single piece of data the phone gets. I don't want a media device slinging ads, loaded with bloatware.

You can either have a smartphone, or you can avoid having those things, not all 3 things.

Nokia 3310 for no ads, bloatware, trackers for advertisers.

It's not a smartphone, but it is a smart phone.

Comment The driver already surrendered ultimate control (Score 1) 236

And what if the passenger doesn't want the car to stop—can she override the command, or does the police officer have ultimate control?

No... the driver already surrendered ultimate control to the car by choosing a self-driving vehicle, and I expect the vehicle to obey the law, even over the driver's wishes, which says that citizens must follow a lawful official's orders, unless following the order clearly violates civil rights or creates an immediate safety hazard for themselves or another person.

Being required to stop your vehicle and pull over to be detained is a legal reasonable order, so long as the car can legitimately establish the authority of the person directing.

Your self-driving car should take some precautions, in case the person gesturing your car to stop is a crook in disguise.

I see a possibility of allowing the driver to override a gesture, if the driver has the autonomous vehicle place a 911 call and hold the horn down. The driver's picture identity and vehicle info will be automatically transmitted.

Comment Re: Nothing open to the sky (Score 2) 116

can you give me another example of where radio signals are scrambled by the government?

My understanding is that some US law enforcement SWAT, Bomb Squad teams, and other counter-terrorism forces might employ tactical jamming devices when conducting certain raids in order to suppress targets' access to cellular data networks and other wireless communications, until personal electronics have been secured with targets in custody; this also helps prevent video footage of raids from getting released or saved to the cloud.
