
List:       kde-devel
Subject:    Re: One Way to Increase KDE security
From:       Dave Feustel <dfeustel () mindspring ! com>
Date:       2005-12-27 18:58:05
Message-ID: 200512271358.06264.dfeustel () mindspring ! com

On Tuesday 27 December 2005 11:24, Thiago Macieira wrote:
> Dave Feustel wrote:
> >> > > Can you please stop making up facts about "security" every day on
> >> > > this list? It wouldn't be so annoying if it actually made sense...
> >
> >I didn't make up a fact. I reported a technique I have tried for
> > improving security which seems to work for me in practice, regardless
> > of whether it makes any sense. YMMV of course.
> 
> So you made up a technique to improve security and you think it's helping 
> you, even though you also report to not know anything about KDE or X's 
> internals 

Close enough.

> and you think they don't make any sense? 

I did not say that. In fact, if the intruder is coming in through a socket,
rm'ing the sockets makes sense since it is not disrupting any of my activities.
 
> I'm sorry, but how is this helping? 

The 'spontaneous' changes of device file permissions and the occurrences of
other strange events on my computer have dropped off essentially to zero.

> You could just as well be deleting  
> random files and think it improves security.

Now THAT doesn't make sense (to me, at least :-) )
 
> >> > I didn't make this up. I have seen (network) sockets created that
> >> > had no
> >>
> >> I think David meant that "deleting unused sockets increases security"
> >> is made
> >
> >I do not see the word "unused" in my original text. It's important to
> > quote accurately. Maybe I didn't express my thought clearly.
> 
> Right, your original text doesn't say it. My reply did: those sockets are 
> no longer used.

I reserve judgement
 
> >> up, because a socket which no one uses is obviously not a security
> >> threat.
> >
> >It's a threat whether it's used or not. It becomes an exploit when it is
> > actually used.
> 
> Please provide data to support the theory of "it's a threat when not 
> used". Or stop supporting that theory.

'threat' implies *potential* or *possible* damage. The unused socket could
possibly be used to cause damage. I prefer to follow what I think is the OpenBSD
philosophy and deal with a potential threat before it becomes manifest.
But the semantic wrangling aside, I suspect we are on the same page.
 
> >I know practically nothing about KDE and Xorg internals, but cleaning up
> > sockets, files and processes seems to have, for the moment, eliminated
> > 'spontaneous' changes to permissions of files of which I am owner. My
> > counter-intrusion program is the result of experiment, not theory, but
> > so far it seems to be working.
> 
> And you haven't yet established that there was an intrusion. For all we 
> know, you stopped some normal, routine activity of your system.

It may be that only I can be sure that there were intrusions since only I should
be able to change file permissions, I remember what changes I made, and now
the changes have been changed. But unless you are watching over my shoulder
when I make the changes uninterruptedly until later when I reexamine the files and see
the changes undone, you have no hard evidence that what I am relating has taken 
place. This is a big reason why I am loath to try to convince anyone at all. 

The main thing I have seen is repeated undoing of my changes of ownership and also
of permissions of /dev/[pt]typ[0-9a-e]. I was prompted to start looking at these files 
because of the repeated warnings in the error logs that kgrantpty failed to successfully
set the file permissions and that the session can be eavesdropped. A very specific
change I discovered last week was the removal of x permission from ~/.kshrc.


> Without hard data proving there was an intrusion (or high probability of 
> one) and how it happened, this is all speculation. I'd like to ask you to 
> stop labelling your speculations as security improvements.

OK.

> That said, however, erasing temporary files and sockets is a good 
> practice. We should be doing that when a normal exit happens. Please 
> report any instances when a normal exit does not clean up after itself as 
> bugs in bugs.kde.org (with, of course, instructions on how to reproduce 
> the situation).

For starters, start kde, do some things, exit kde, then do a find /tmp -ls.
There always seem to be KDE sockets lying around. I have "export TMPDIR=/home/daf/Tmp"
in my .profile (and do "rm -rf Tmp/*" after a kde session) but some KDE and XORG 
temp files are still put in /tmp. I now do "rm -rf /tmp/*" regularly to get rid of the files remaining.
-- 
"In theory, there is no difference between theory and practice.
But, in practice, there is." ~ Jan L. A. van de Snepscheut
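
One way to turn the observations discussed in this thread into reproducible data, as an added example that is not part of the original e-mail: record mode, owner and group for the files being watched, compare later snapshots against that baseline, and list socket files still present after a session has exited. The function names and the demo files are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def snapshot(paths):
    """Record file type/permissions, owner and group per path (symlinks not followed)."""
    snap = {}
    for p in paths:
        try:
            st = os.lstat(p)
            snap[p] = (stat.filemode(st.st_mode), st.st_uid, st.st_gid)
        except FileNotFoundError:
            snap[p] = None  # absence is recorded so a deletion shows up as a change
    return snap

def changes(before, after):
    """Return sorted (path, old, new) for every path whose recorded metadata differs."""
    return sorted((p, before.get(p), after.get(p))
                  for p in set(before) | set(after)
                  if before.get(p) != after.get(p))

def leftover_sockets(directory):
    """List UNIX-domain socket files still present under directory."""
    found = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                if stat.S_ISSOCK(os.lstat(path).st_mode):
                    found.append(path)
            except FileNotFoundError:
                pass  # file vanished between listing and lstat
    return sorted(found)

if __name__ == "__main__":
    # Constructed demo in a scratch directory; real use would pass the paths
    # being watched and the session's temp directory instead.
    d = tempfile.mkdtemp()
    rc = os.path.join(d, "kshrc-sample")
    open(rc, "w").close()
    os.chmod(rc, 0o755)
    baseline = snapshot([rc])
    os.chmod(rc, 0o644)                       # simulate the mode change
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(os.path.join(d, "sample-socket"))  # bind() creates the socket file
    s.close()                                 # close() does not remove it
    for path, old, new in changes(baseline, snapshot([rc])):
        print(path, old, "->", new)
    print("sockets left behind:", leftover_sockets(d))
```

Saving each snapshot together with the time it was taken gives a record that can be attached to a bug report.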
 