--===============0827207783==
Content-Type: multipart/signed;
  boundary="nextPart14203205.86aVJzmOd4";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart14203205.86aVJzmOd4
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Dave Feustel wrote:
>> > > Can you please stop making up facts about "security" every day on
>> > > this list? It wouldn't be so annoying if it actually made sense...
>
>I didn't make up a fact. I reported a technique I have tried for
> improving security which seems to work for me in practice, regardless
> of whether it makes any sense. YMMV of course.

So you made up a technique to improve security and you think it's helping=20
you, even though you also report to not know anything about KDE or X's=20
internals and you think they don't make any sense?

I'm sorry, but how is this helping? You could just as well be deleting=20
random files and think it improves security.

>> > I didn't make this up. I have seen (network) sockets created that
>> > had no
>>
>> I think David meant that "deleting unused sockets increases security"
>> is made
>
>I do not see the word "unused" in my original text. It's important to
> quote accurately. Maybe I didn't express my thought clearly.

Right, your original text doesn't say it. My reply did: those sockets are=20
no longer used.

>> up, because a socket which no one uses is obviously not a security
>> threat.
>
>It's a threat whether it's used or not. It becomes an exploit when it is
> actually used.

Please provide data to support the theory of "it's a thread when not=20
used". Or stop supporting that theory.

>I know practically nothing about KDE and Xorg internals, but cleaning up
> sockets, files and processes seems to have, for the moment, eliminated
> 'spontaneous' changes to permissions of files of which I am owner. My
> counter-intrusion program is the result of experiment, not theory, but
> so far it seems to be working.

And you haven't yet established that there was an intrusion. For all we=20
know, you stopped some normal, routine activity of your system.

Without hard data proving there was an intrusion (or high probability of=20
one) and how it happened, this is all speculation. I'd like to ask you to=20
stop labelling your speculations as security improvements.

That said, however, erasing temporary files and sockets is a good=20
practice. We should be doing that when a normal exit happens. Please=20
report any instances when a normal exit does not clean up after itself as=20
bugs in bugs.kde.org (with, of course, instructions on how to reproduce=20
the situation).
=2D-=20
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

2. T=F3 cennan his weorc gearu, ymbe se circolwyrde, wear=F0 se c=E6gbord a=
nd se=20
leohtspeccabord, and =FEa m=FDs c=F3mon lator. On =FEone d=E6g, he hine res=
te.

--nextPart14203205.86aVJzmOd4
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQBDsWq8M/XwBW70U1gRAtVHAJ9b4Qob4Yvi8gAVP34uwLtZYkidLQCbBsbA
BA9TgDvBk/6PiNdi+CZ8Tq8=
=MAsz
-----END PGP SIGNATURE-----

--nextPart14203205.86aVJzmOd4--

--===============0827207783==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

--===============0827207783==--